US9215238B2 - System and method for transmitting and utilizing attachments - Google Patents
System and method for transmitting and utilizing attachments Download PDFInfo
- Publication number
- US9215238B2 US9215238B2 US14/080,025 US201314080025A US9215238B2 US 9215238 B2 US9215238 B2 US 9215238B2 US 201314080025 A US201314080025 A US 201314080025A US 9215238 B2 US9215238 B2 US 9215238B2
- Authority
- US
- United States
- Prior art keywords
- inline
- attachment
- information
- conversion
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims abstract description 60
- 238000004891 communication Methods 0.000 claims abstract description 148
- 238000006243 chemical reaction Methods 0.000 claims description 66
- 230000006870 function Effects 0.000 description 18
- 238000003860 storage Methods 0.000 description 18
- 238000012546 transfer Methods 0.000 description 16
- 230000008569 process Effects 0.000 description 11
- 238000012545 processing Methods 0.000 description 11
- 230000005540 biological transmission Effects 0.000 description 9
- 238000010586 diagram Methods 0.000 description 9
- 230000007246 mechanism Effects 0.000 description 8
- 238000000605 extraction Methods 0.000 description 7
- 230000009471 action Effects 0.000 description 6
- 238000012795 verification Methods 0.000 description 5
- 102000036364 Cullin Ring E3 Ligases Human genes 0.000 description 4
- 108091007045 Cullin Ring E3 Ligases Proteins 0.000 description 4
- 239000000284 extract Substances 0.000 description 4
- 230000001360 synchronised effect Effects 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 230000001419 dependent effect Effects 0.000 description 3
- 238000010295 mobile communication Methods 0.000 description 3
- 235000006508 Nelumbo nucifera Nutrition 0.000 description 2
- 240000002853 Nelumbo nucifera Species 0.000 description 2
- 235000006510 Nelumbo pentapetala Nutrition 0.000 description 2
- 230000004913 activation Effects 0.000 description 2
- 230000003321 amplification Effects 0.000 description 2
- 230000006837 decompression Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000009977 dual effect Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000001914 filtration Methods 0.000 description 2
- 238000009434 installation Methods 0.000 description 2
- 238000003199 nucleic acid amplification method Methods 0.000 description 2
- 239000000126 substance Substances 0.000 description 2
- 230000001960 triggered effect Effects 0.000 description 2
- 238000011144 upstream manufacturing Methods 0.000 description 2
- 238000003490 calendering Methods 0.000 description 1
- 238000005266 casting Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000000295 complement effect Effects 0.000 description 1
- 230000006835 compression Effects 0.000 description 1
- 238000007906 compression Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000001934 delay Effects 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- VJYFKVYYMZPMAB-UHFFFAOYSA-N ethoprophos Chemical compound CCCSP(=O)(OCC)SCCC VJYFKVYYMZPMAB-UHFFFAOYSA-N 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 230000036316 preload Effects 0.000 description 1
- 230000005236 sound signal Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H04L12/583—
-
- H04L12/5895—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/06—Message adaptation to terminal or network requirements
- H04L51/063—Content adaptation, e.g. replacement of unsuitable content
-
- H04L51/38—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/58—Message adaptation for wireless communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0464—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
Definitions
- the application generally describes a system and method for handling data in an electronic communication, and in particular the transmission and automatic utilization of a message attachment in an electronic message addressed to a mobile data communications device (“mobile device”).
- mobile device a mobile data communications device
- Secure Multipurpose Internet Mail Extensions S/MIME
- Pretty Good PrivacyTM PGPP
- OpenPGP OpenPGP
- S/MIME Secure Multipurpose Internet Mail Extensions
- the sender of the e-mail message may sign the message, encrypt the message, or both sign and encrypt the message.
- display of the cryptographic attachment may not be automatic, but instead may be contingent on further action by the user.
- the further action may require the association of an external tool for viewing the cryptographic attachment, or saving the attachment to disk as a file.
- these actions available to a desktop user may not be available to a mobile device user, as the mobile device may be capable of performing only limited actions.
- Known systems and methods of transferring e-mail to a mobile device may also prevent cryptographic attachments from reaching the mobile device.
- Mobile devices often receive data over a wireless network, and these wireless networks often have attachment limiting devices that may strip attachments to prevent large attachments from overflowing the capacity of the wireless network.
- a method of handling cryptographic information in a communication comprising body elements and attachment elements to a mobile device includes the steps of determining if the communication includes an attachment element comprising cryptographic information and converting the attachment element into a body element upon determining that the communication includes an attachment element comprising cryptographic information.
- a system for handling cryptographic information in a cryptographic attachment in a message addressed to a mobile device comprising an inline generator operable to access the cryptographic information in the cryptographic attachment and generate inline cryptographic information from the cryptographic information in the cryptographic attachment and insert the inline cryptographic information into the body part of the message, wherein the generation of the inline cryptographic information facilitates transmission of the cryptographic information to the mobile device.
- FIG. 1 is an overview of an example communication system in which a mobile device may be used
- FIG. 2 illustrates an attachment limiting device that strips attachments from an e-mail message
- FIG. 3 illustrates an inline generator upstream from the attachment limiting device
- FIG. 4 shows in greater detail the elements of the example communication system of FIG. 1 in which the inline generator, attachment limiting device, and inline extractor of FIG. 3 have been integrated;
- FIG. 5 shows in greater detail the exemplary inline generator of FIG. 4 ;
- FIG. 6 shows in greater detail the exemplary inline extractor of FIG. 4 ;
- FIG. 7 is a flowchart illustrating an exemplary embodiment of a method of enabling cryptographic information to be utilized automatically at a mobile device
- FIG. 8 is a flowchart illustrating an exemplary embodiment of a method of automatically utilizing cryptographic information at a mobile device
- FIG. 9 is a block diagram illustrating an inline generator/extractor module
- FIG. 10 is a schematic diagram of an exemplary mobile device
- FIG. 11 is a block diagram showing an example communication system in which the cryptographic information system and method may be used.
- FIG. 12 is a block diagram of an alternative example communication system in which the cryptographic information system and method may be used.
- FIG. 13 is a block diagram of another alternative communication system in which the cryptographic information system and method may be used.
- the Internet Engineering Task Force (IETF) publishes detailed specifications relating to the Internet in general, and relating to Internet e-mail messages, Multipurpose Internet Mail Extensions (MIME), Secure Multipurpose Internet Mail Extensions (S/MIME), and other cryptographic standards and protocols such as Pretty Good Privacy (PGP). These detailed specifications are published as Requests For Comment (RFC) documents.
- MIME Multipurpose Internet Mail Extensions
- S/MIME Secure Multipurpose Internet Mail Extensions
- PGP Pretty Good Privacy
- RFC 822 specifies a header format for e-mail.
- An e-mail message consists of two parts: the header part and the body part.
- the header part forms a collection of structured field/value pairs.
- the body of the message may be structured according to MIME, as specified in RFC 1521, and subsequent RFCs thereto. MIME thus specifies both an extension of e-mail message headers, and a corresponding structured body.
- a MIME structured body can itself be structured using MIME, i.e., a body part can itself have a header part and a body part.
- a MIME e-mail message is a hierarchical structure, rooted at the e-mail message, wherein some of the e-mail message header field/value pairs are also MIME header field/value pairs.
- a MIME entity may be structured as S/MIME, as specified in RFC 1847 and subsequent RFCs thereto.
- S/MIME governs cryptographic electronic messaging, including authentication, message integrity and non-repudiation of origin (using digital signatures), and privacy/data security (using encryption).
- An S/MIME signed entity typically has a “content type” field whose value includes the tokens “multipart/signed,” and a body that contains at least two parts: a first MIME entity part, and a second cryptographic information part.
- the cryptographic information part is typically used to verify that the MIME entity part has not been altered and/or that the sender of the S/MIME signed entity is known and/or trusted.
- An S/MIME encrypted entity contains at least one cryptographic information part.
- the cryptographic information is typically used to decrypt the S/MIME encrypted entity, or for other security related operations.
- An S/MIME encrypted entity may have a “content type” field whose value includes the token “multipart/encrypted”, and a body that contains at least two parts: a first part that contains cryptographic protocol specifying control information for the second part, and a second cryptographic information part.
- An S/MIME entity can be produced by signing and encrypting operations.
- an S/MIME entity can be alternatively signed, encrypted, signed and then encrypted, or encrypted and then signed.
- the use of the term S/MIME entity is meant to cover all of these possible entities having at least one cryptographic information part.
- the cryptographic information part in an S/MIME entity typically has a content type field or a control information part that specifies the specific cryptographic protocol used.
- S/MIME messages which use the cryptographic message syntax protocol for the cryptographic information part have a cryptographic information part with “content type” field having a value which includes one of the tokens “application/x-pkcs7-signature” or “application/x-pkcs7-mime”, as specified in RFC 2311, and subsequent RFCs thereto. These tokens are used for S/MIME signed and S/MIME encrypted messages, respectively.
- a multitude of specific cryptographic protocols can be used for cryptographic attachments in general, and S/MIME in particular.
- a “content type” of “application/pgp-encrypted” and “application/pgp-signature” can be used to specify the cryptographic information part of an S/MIME PGP encrypted and S/MIME PGP signed entity, respectively.
- application/pgp-keys can be used to specify that the cryptographic information part of a PGP message includes PGP public keys.
- the term cryptographic information is used to cover all manner of information related to cryptographic operations.
- the cryptographic information part in an S/MIME entity can be a MIME attachment, as is typical with known S/MIME techniques, such as those in use with Microsoft OutlookTM, Microsoft ExchangeTM, Microsoft Outlook ExpressTM, or other similar S/MIME e-mail techniques.
- MIME attachments are MIME entities that have a content disposition header field whose value includes the token “attachment” to indicate that the body part of the attachment is separate from the body part of a containing MIME entity, and that the display of the attachment should not be automatic, but rather contingent upon some further action of the user.
- FIG. 1 is an overview of an example communication system in which a mobile device may be used
- a mobile device may be used
- FIG. 1 illustratively demonstrates one such topology in which the cryptographic attachment processing systems and methods described in the present application may be implemented.
- Other topologies may also be used, and there may also be additional message senders and recipients in addition to those depicted in FIG. 1 .
- FIG. 1 illustrates an e-mail sender 10 , the Internet 20 , a message server system 40 , a wireless gateway 85 , wireless infrastructure 90 , a wireless network 105 , and a mobile device 100 .
- An e-mail sender system 10 may be connected to an ISP (Internet Service Provider) on which a user of the system 10 has an account, or located within a company and connected to a local area network (LAN) that is connected to the Internet 20 , or connected to the Internet 20 through a large ASP (application service provider) such as America Online (AOL).
- ISP Internet Service Provider
- LAN local area network
- ASP application service provider
- AOL America Online
- the systems shown in FIG. 1 may instead be connected to a wide area network (WAN) other than the Internet.
- the message server 40 may be implemented on a network computer within the firewall of a corporation, a computer within an ISP or ASP system, or the like.
- the message server 40 can be, for example, an e-mail server.
- the mobile device 100 is configured for receiving and possibly sending e-mail and is associated with an account on a message server 40 .
- Perhaps the two most common message servers are Microsoft ExchangeTM and Lotus DominoTM. These products are often used in conjunction with Internet mail routers that typically use UNIX-based Sendmail protocols to route and deliver mail. These intermediate components are not shown in FIG. 1 , as they do not play a direct role in the cryptographic attachment processing described below.
- Message servers such as server 40 typically extend beyond just e-mail sending and receiving; they also include dynamic database storage engines that have predefined database formats for data like calendars, to-do lists, task lists, e-mail and documentation.
- the wireless gateway 85 and infrastructure 90 provide a link between the Internet 20 and wireless network 105 , collectively forming an exemplary e-mail transfer mechanism.
- the wireless infrastructure determines the most likely network for locating a given user and tracks the user as they roam between countries or wireless networks.
- a message is then delivered to the mobile device 100 via wireless transmission, typically at a radio frequency (RF), from a base station in the wireless network 105 to the mobile device 100 .
- RF radio frequency
- the particular network 105 may be virtually any wireless network over which messages may be exchanged with the mobile device 100 .
- an e-mail message 15 having a cryptographic attachment 14 is sent by the e-mail sender 10 over the Internet 20 .
- This message 15 is illustratively an S/MIME message having a cryptographic attachment 14 , and uses traditional Simple Mail Transfer Protocol (SMTP), RFC822 headers and MIME body parts to define the format of the mail message 15 and the cryptographic attachment 14 .
- the message 15 arrives to the message server 40 and is normally stored in a message store.
- Most known messaging systems support a so-called “pull” message access scheme, wherein the mobile device 100 must request that stored messages be forwarded by the message server 40 to the device 100 .
- a message server 40 account is associated with a host system, such as a home computer or office computer, which in turn is associated with the user of a mobile device 100 . Messages directed to the message server 40 account are redirected from the message server 40 to the mobile device 100 as they are received.
- a redirector system may be of the type disclosed in U.S. Pat. No.
- the message 15 is sent to the wireless gateway 85 .
- the wireless infrastructure 90 includes a series of connections to wireless network 105 . These connections could be Integrated Services Digital Network (ISDN), Frame Relay, or T1 connections using the TCP/IP protocol used throughout the Internet.
- ISDN Integrated Services Digital Network
- Frame Relay or T1 connections using the TCP/IP protocol used throughout the Internet.
- wireless network may cover many different types of wireless networks, such as (1) data-centric wireless networks, (2) voice-centric wireless networks and (3) dual-mode networks that can support both voice and data communications over the same physical base stations.
- the newest of these combined dual-mode networks include, but are not limited to (1) the Code Division Multiple Access (CDMA) network, (2) the Groupe Special Mobile or the Global System for Mobile Communications (GSM) and the General Packet Radio Service (GPRS) network both developed by the standards committee of CEPT, and (3) the future third-generation (3G) networks like Enhanced Data-rates for Global Evolution (EDGE) and Universal Mobile Telecommunications Systems (UMTS).
- CDMA Code Division Multiple Access
- GSM Global System for Mobile Communications
- GPRS General Packet Radio Service
- 3G Third-generation
- EDGE Enhanced Data-rates for Global Evolution
- UMTS Universal Mobile Telecommunications Systems
- Some older examples of data-centric network include the MobitexTM Radio Network, and the DataTACTM Radio Network.
- Examples of older voice-centric data networks include Personal Communication Systems (PCS) networks like CDMA, GSM, and TDMA systems that have been available in North America and worldwide for nearly 10 years.
- PCS Personal Communication Systems
- other wireless networks may also be used.
- the system shown in FIG. 1 illustrates three messaging cases; First, the case where a message 15 having a cryptographic attachment 14 is transmitted intact to the mobile device 100 is illustrated. In this case, the integrity of the message 15 is not certain, as an e-mail transfer mechanism in the network that is operable to transfer or redirect e-mail to the mobile device 100 may have an attachment limiting device which strips message attachments.
- the attachment limiting device may not be known to the user of the mobile device 100 , and thus the user of the mobile device 100 may not be able to ascertain whether the message 15 originally included an attachment, or if an attachment has been stripped.
- a stripped message 16 is transmitted to the mobile device 100 .
- stripped message 16 is received.
- the case where stripped message 16 is transmitted to mobile device 100 illustrates the integrity issue suggested in the first case, and also illustrates the case in which a service provider of the mobile device 100 strips attachments as a matter of course. The second case is further described in detail below with reference to FIG. 2 .
- an inline cryptographic message 60 is transmitted to the mobile device 100 , regardless of the presence or absence of an attachment limiting device in the system.
- the case where cryptographic inline message 60 is transferred to mobile device 100 is described in detail with reference to FIGS. 3-10 below.
- FIG. 2 illustrates an attachment limiting device 70 that strips attachments from an e-mail message 15 .
- the message may be a message 15 in FIG. 1 in the case where a stripped message is received at the mobile device 100 .
- E-mail message 15 has at least a header part 12 and a cryptographic attachment 14 .
- Headers 12 include known e-mail fields such as the “To:”, “From:” and “Subject:” fields, as well as, when MIME and S/MIME protocols are used, other header fields.
- the attachment limiting device 70 transforms the e-mail message 15 into a stripped message 16 , which no longer has attachment 14 , and has headers 13 that differ at least from headers 12 by no longer referring to attachment 14 .
- the attachment limiting device 70 may be implemented, for example, by using Messaging Application Programmer's Interface (MAPI) to construct the message 16 by requesting all message elements except for attachment 14 from the message server system 40 of FIG. 1 .
- MAPI Messaging Application Programmer's Interface
- the e-mail message 15 may also be a multipart message, having other parts than just attachment 14 , such as a plain text part. These other parts of message 15 go through attachment limiting device 70 unaltered as they are not attachments, and are transferred as parts of the message 16 .
- FIG. 3 illustrates in an inline generator 65 upstream from the attachment limiting device 70 .
- the inline generator 65 generates an inline e-mail message 60 .
- the inline e-mail message 60 is the inline message received at the mobile device 100 in the third case illustrated in FIG. 1 .
- the message 15 may have a cryptographic attachment, such as in the case of an S/MIME message.
- the information of the cryptographic attachment can be located within the body part of message 15 that immediately follows a header part having a “content disposition” header field/value pair that includes the token “attachment”.
- the specific type of cryptographic attachment in message 15 depends on the cryptographic protocol used. For example, if the cryptographic message syntax used is S/MIME, then the cryptographic attachment may have a “content disposition” field having a value which includes one of the “pkcs” variant protocol tokens: “application/x-pkcs7-signature”, “application/x-pkcs7-mime”, “application/pkcs7-signature”, “application/pkcs7-mime”, etc. Furthermore, in the absence of a specific protocol, the “filename” or “name” MIME parameter associated with the attachment can be used to determine the protocol used in the attachment. For example, the file name extension “.p7m” is associated with the S/MIME token “application/PKCS7-mime.”
- the inline generator 65 converts e-mail message 15 into inline cryptographic e-mail message 60 , by extracting the cryptographic information from message 15 , converting the cryptographic information into an inline form as a cryptographic inline entity 64 , and communicating the inline entity 64 to the mobile device 100 .
- This last step is accomplished, for example, by substituting message 15 with message 60 at the e-mail transfer mechanism.
- the attachment limiting device 70 will not strip the inline entity 64 since inline entity 64 is not an attachment.
- Headers 62 are substantially similar to headers 12 , except that headers 62 specify that message 60 contains inline entity 64 . This ensures that inline cryptographic e-mail message 60 that has in its body the cryptographic inline entity 64 retains the cryptographic information extracted from attachment 14 , regardless of the effect of attachment limiting device 70 .
- the cryptographic inline e-mail message 60 can still have attachment 14 within its body, for example, by using the multipart construct of MIME. If e-mail message 15 has a multipart body, then the inline generator 65 can copy the body of message 15 into the body of message 60 , and optionally include attachment 14 , and then embed the inline entity 64 in the body of message 60 .
- the inline generator 65 may delete the attachment 14 after creating the inline entity 64 , and thus only one copy of the cryptographic information is sent to the mobile device 100 regardless of the presence or absence of attachment limiting device 70 .
- headers 62 can be modified to not specify entity 64 as an attachment, and ensure that entity 64 is not discernible as an attachment.
- the headers 62 specify that entity 64 is an inline entity, thereby fully enabling the cryptographic information to be automatically used at the mobile device 100 . This can be accomplished in a MIME system, for example, by including a “content disposition” field in headers 62 having a token value of “inline”.
- the inline entity 64 may be smaller than attachment 14 , since an attachment may also have to specify a “filename” parameter. Thus, bandwidth requirements are reduced.
- the attachment limiting device 70 if present, operates substantially in the same way as was described in reference to FIG. 2 above. However, because the attachment 14 has been converted to an inline entity 64 , the e-mail message 60 goes through the attachment limiting device 70 unchanged. Of course, if the inline generator 65 is configured to leave other, non-cryptographic attachments unchanged, then the attachment limiting device 70 , if present, will strip these other attachments that the inline e-mail message 60 may still have. The inline generator 65 , however, may also be configured to convert other non-cryptographic attachments to inline entities.
- the attachment limiting device 70 may be implemented in the system either by design or due to external requirements.
- the attachment limiting device 70 may be designed to be implemented at the inline generator 65 , as described above, or at wireless gateway 85 of FIG. 1 , or at another device in the communication system, such as a Proxy Server connected to wireless network 105 .
- the attachment limiting device 70 may be implemented due to an external requirement, such as in the case in which the wireless network 105 and/or wireless infrastructure 90 may be a private network that strips attachments as a matter of course.
- the inline generator 65 may also generate conversion information 63 detailing the conversion of the attachment 14 into the inline entity 64 .
- the conversion information 63 may then be accessed by an inline extractor 115 located in the mobile device 100 to reconstruct the original message 15 and the attachment 14 .
- the conversion information 63 comprises the original headers 12 of the original message 15 prior to processing by the inline generator 65 .
- the inline generator 65 and inline extractor 115 further provide the capability to automatically utilize the inline entity 64 at the mobile device 100 .
- the inline extractor 115 receives the message 60 and extracts the cryptographic inline information 24 from inline e-mail message 60 .
- Inline extractor 115 automatically extracts the cryptographic inline entity 64 from the message, and automatically extracts the inline cryptographic information 24 from the cryptographic inline entity 64 . Because a body part having an inline disposition type is to be displayed or utilized automatically upon receiving the message 60 , the mobile device 100 is thus enabled to automatically utilize the cryptographic information 24 .
- Non-cryptographic utilization of cryptographic information 24 may also be implemented.
- the inline extractor 115 may be used to automatically reconstruct a message sufficiently similar to an original message 15 by fully reversing the process of inline generator 65 to generate a reconstructed attachment 14 from the inline cryptographic information 24 .
- the inline extractor 115 may reconstruct the message 15 and the attachment 14 by accessing the conversion information 63 detailing the conversion of the attachment 14 into the inline entity 64 .
- the automatically reconstructed message 15 and automatically reconstructed attachment 14 may, however, require further action by a user, as the information in the attachment 14 is no longer stored in an inline entity.
- the original message 15 is reconstructed by determining the type of information stored in the inline entity 64 and automatically generating an appropriate attachment file name and converting the inline entity 64 back into attachment 14 .
- the file name extension “.p7m” is associated with the S/MIME token “application/PKCS7-mime.”
- an inline entity 64 is associated with the S/MIME token “application/PKCS7-mime”
- a file name having the extension “.p7m” may be automatically generated and the inline entity 64 may be converted back into an attachment 14 having the automatically generated file name.
- FIG. 4 shows in greater detail elements of the example communication system of FIG. 1 in which the inline generator 65 , attachment limiting device 70 , and inline extractor 115 of FIG. 3 are implemented.
- the inline generator 65 is illustratively implemented in the wireless infrastructure 90 of FIG. 4 and is integrated with wireless gateway 85 to receive the cryptographic e-mail message 15 , convert the message 15 into cryptographic inline e-mail message 60 , and provide the inline e-mail message 60 to the wireless network 105 .
- Inline generator 65 preferably excludes the cryptographic attachment 14 of FIG. 3 from cryptographic inline e-mail message 60 after inserting the cryptographic information as an inline entity 54 to the message 60 , thereby also providing the benefit of an attachment limiting device 70 .
- Mobile device 100 integrates the inline extractor 115 introduced in FIG. 3 .
- a transceiver 110 at the mobile device 100 receives the cryptographic inline e-mail message 60 via wireless network 105 , and provides the cryptographic inline e-mail message 60 to the inline extractor 115 .
- inline extractor 115 enables cryptographic information 24 to be utilized automatically upon viewing of message 60 via a cryptographic e-mail client 150 .
- the cryptographic inline e-mail message 60 may be stored at the mobile device storage 130 .
- cryptographic information 24 includes an encrypted and/or signed version of message 5
- a cryptographic e-mail client 150 can automatically cryptographically. process the message 60 .
- Examples of such automatic processing include checking for the presence of a digital signature in cryptographic inline information 24 of the message and/or applying a private key 140 to decrypt an encrypted session key, the session key being part of cryptographic inline information 24 .
- the session key can in turn be used to decrypt an encrypted version of message 5 , the encrypted version of message 5 also being part of the inline cryptographic information 24 .
- clear message 5 can be shown to the user of the mobile device 100 , along with cryptographic decryption and/or verification status information. Furthermore, clear message 5 can be automatically destroyed when no longer selected for viewing.
- the inline extractor 115 may also perform the function of an inline generator 65 , thus providing the ability to send cryptographic inline entities from the mobile device 100 .
- inline generator 65 may also perform the functions of the inline extractor 115 , and is configured to complement operations of inline generator 65 functions carried out at the mobile device 100 to extract the inline data sent from mobile device 100 and provide a traditional attachment to the recipient of the message sent from the mobile device 100 .
- an attachment may be sent from the mobile device 100 as an inline entity, and then converted to a traditional attachment by the inline generator 65 at the wireless gateway 85 .
- the dual mode functionality of the inline generator 65 and the inline extractor 115 may be triggered such that attachments communicated to the mobile device 100 are converted to inline entities, and attachments communication from the mobile device 100 are converted to inline entities at the mobile device 100 before transmission, and thereafter converted to traditional attachments at the wireless gateway 85 .
- inline generators 65 and inline extractors 115 at various locations in communication networks of a communication system, the capability to “tunnel” attachments over one or more intermediate communication networks in the communication system is provided.
- FIG. 5 shows in greater detail an exemplary inline generator 65 .
- a transceiver 210 such as an Ethernet network interface card, is used to receive cryptographic e-mail message 15 , and to transmit cryptographic inline e-mail message 60 .
- Transceiver 210 can also be used for receiving optional configuration instructions, for instance regarding the optional stripping of attachments.
- Processor 220 processes the program instructions found in an inline generator software module 230 , and communicates with transceiver 210 , as well as with optional storage 240 .
- Storage 240 has an optional MIME inline extractor table 250 .
- Each row of the table 250 represents a rule and includes a mobile device e-mail Address 250 M or similar means of identifying at least one mobile device, a MIME type 250 T, as well as optional criteria 250 C and optional pre-inline processing operations 250 P.
- a mobile device e-mail Address 250 M or similar means of identifying at least one mobile device
- MIME type 250 T or similar means of identifying at least one mobile device
- optional criteria 250 C and optional pre-inline processing operations 250 P.
- the inline generator 65 can be located in any number of different system components. In alternate embodiments, the inline generator 65 can be located in a server that communicates with an e-mail transfer mechanism, such as the elements connected to message server 40 of FIG. 1 , in the e-mail sender 10 , in the same component as the attachment limiting device 70 of FIG. 3 , in the wireless network 105 , in the wireless infrastructure 90 , or in the wireless gateway 85 .
- an e-mail transfer mechanism such as the elements connected to message server 40 of FIG. 1 , in the e-mail sender 10 , in the same component as the attachment limiting device 70 of FIG. 3 , in the wireless network 105 , in the wireless infrastructure 90 , or in the wireless gateway 85 .
- FIG. 6 shows in greater detail the inline extractor 115 of FIG. 4 .
- a transceiver 112 such as the wireless transceiver 110 of FIG. 4 , is used to receive cryptographic inline e-mail message 60 .
- Transceiver 112 may optionally be used to transmit inline generator configuration instructions, if the inline generator is so enabled, for example, to enable or disable inline operation and/or attachment stripping on a per MIME type basis.
- Processor 320 processes the instructions in inline extractor software module 330 , communicates with transceiver 112 , as well as with storage 340 .
- Storage 340 may be such as the mobile data storage 130 of FIG. 4 .
- Storage 340 optionally has inline extractor configuration table 350 .
- Each row of the table 350 represents a rule and includes an application 350 A or other device module reference to be signaled upon conversion of an inline entity, such as cryptographic inline entity 64 , a MIME type 350 T, as well as optional criteria 350 C and optional post-inline processing operations 350 P.
- An exemplary method that may be used with these system components is described in further detail below with reference to FIG. 8 .
- the inline extractor 115 is preferably located in the mobile device 100 .
- FIG. 7 is a flowchart illustrating an exemplary method of enabling cryptographic information to be utilized automatically at a mobile device 100 .
- an e-mail message such as S/MIME e-mail Message 15 , or e-mail message 5 .
- the step of receiving may encompass an e-mail message being retrieved from storage, for instance after being marked as unread, or an e-mail message being received at a message server, such as message server 40 .
- step 420 it is determined whether the e-mail message received at step 410 has attachments. This can be accomplished using MAPI, or by inspecting the structure of the e-mail message, as previously described. If the e-mail message has attachments, for example, in the case of cryptographic e-mail message 15 , then steps 430 to 470 ensue to generate an inline entity from the e-mail message, followed by step 480 . Conversely, if the e-mail message does not have attachments, for example, in the case of e-mail message 5 , then only step 480 ensues.
- each attachment in the e-mail message is processed through step 440 , and depending on the outcome of step 440 , either step 450 or step 460 .
- storage 240 is consulted in order to determine if configuration table 250 stores a rule that matches for the attachment currently being processed.
- Each rule specifies a conversion condition upon which being met the attachment is converted to an inline entity.
- a default rule is defined for cryptographic attachments and configuration table 250 and storage 240 need not be consulted.
- a default rule for S/MIME is defined by elements 250 M and 250 T of FIG. 5 . These elements comprise a rule which can be interpreted as: regardless of the recipient 250 M of the e-mail message, whenever an S/MIME type 250 T attachment is found, the inline generator software module 230 embeds the attachment in the lines of the body of the resulting e-mail message.
- criteria 250 C may be used to determine if the attachment meets pre-inline conditions to be embedded in the lines of the body. If the condition 250 C is met, then pre-inline operations 250 P, if any, may be desired to adapt the information that is derived from the message or attachment that is actually sent as an inline entity. For example, in the case of S/MIME type 250 T attachments, the criteria 250 C can be “all”, indicating that all S/MIME attachments should be embedded in the lines of the body.
- a re-ordering pre-inline operation 250 P can adapt the cryptographic information in the S/MIME attachment so that optional components of the cryptographic attachment appear at the end.
- Such re-ordering and pre-inline operations are disclosed in U.S. Provisional Application Ser. No. 60/297,681, filed on Jun. 12, 2001, the disclosure of which is incorporated herein by reference.
- the first rule in the first row of table 250 indicates that the recipient is email@dev, the MIME type is jpeg, the criteria is “size ⁇ 32k”, and a pre-inline operation of “dithering” the jpeg image contained in the attachment.
- the criteria is “size ⁇ 32k”
- a pre-inline operation of “dithering” the jpeg image contained in the attachment if a jpeg attachment that is greater than or equal to 32 kilobytes is received, then it is not embedded into the lines of the body.
- a jpeg attachment which is less than 32 kilobytes is received, then it is dithered, i.e., turned into a black and white image, before it is embedded into the lines of the body to adapt the image to be displayed on a black and white screen.
- a pre-inline operation is the “re-casting” of an attachment into an alternate data type or MIME type that is more readily useable at the mobile device 100 .
- MIME alternate data type
- the mobile device 100 need not convert the vcard attachment into an address book entry.
- recasting is providing a subset of attachment data.
- the message server 40 may be configured to verify the authenticity of the digital certificate. If the authenticity is verified, then the resulting inline entity may only comprise the public key of the digital certificate, or the status of the digital certificate, for example, and the remaining digital certificate data need not be transferred.
- step 450 the attachment is converted into an inline entity and embedded into the body of the e-mail message.
- step 460 the attachment is left intact, or optionally stripped to conserve bandwidth over the wireless network 90 and resources at the mobile device 100 .
- step 470 the next attachment, if any, is processed through steps 440 to 470 . However, if all attachments have been processed, then step 480 ensues.
- the processed e-mail message is sent to the mobile device 100 .
- the original attachments can be optionally removed from the e-mail message, thereby providing the above mentioned bandwidth conservation benefit of the attachment limiting device.
- step 480 there is provided a cryptographic inline e-mail message 60 converted from the received cryptographic e-mail message 15 .
- e-mail message 5 continues as if unprocessed and is provided after step 480 . This ensures that if a cryptographic inline message 60 or a regular e-mail message is received without attachments at step 410 , the message is not altered.
- the process of FIG. 7 may be carried out simultaneously at multiple locations in the system, as processed messages are not affected by further execution of steps 410 - 480 . These additional locations may include the wireless infrastructure 90 , the wireless gateway 85 , and other locations.
- FIG. 8 provides a flowchart illustrating an exemplary embodiment of a method of automatically using cryptographic information at a mobile device 100 .
- an e-mail message such as cryptographic inline message 60 , or e-mail message 5 .
- the step of receiving can be realized by either receiving a message over the wireless network 105 , or by retrieving a message from a data store in the mobile device 100 .
- step 520 it is determined whether the e-mail message received at step 510 has a body with inline entities. In one embodiment, the determination is made by inspecting the structure of the e-mail message. If the e-mail message has inline entities, for example, in the case of cryptographic inline e-mail message 60 having cryptographic inline entity 64 of FIG. 3 , then steps 530 to 570 ensue to convert the e-mail message, followed by step 580 . Conversely, if the e-mail message does not have inline entities, for example, in the case of e-mail message 5 , or a message with a traditional attachment but without any inline entities, then only step 580 ensues.
- each inline entity of the e-mail message is processed through step 540 , and depending on the outcome of step 540 , either at step 550 or step 560 .
- step 540 storage 340 is consulted in order to determine if configuration table 350 contains a rule that matches for the inline entity of the e-mail message currently being processed.
- Each rule specifies an extraction condition upon which being met the information stored in the inline entity is extracted.
- a default rule is defined for cryptographic attachments and configuration table 350 and storage 340 need not be consulted.
- the default rule is illustrated for S/MIME by elements 350 A and 350 T of FIG. 6 , which can be interpreted as: whenever an S/MIME type 350 T inline entity is found, the inline extractor software module 330 extracts the cryptographic information from the inline entity to automatically provide the cryptographic information found therein.
- criteria 350 C may be used to determine if the inline entity, once extracted from the message, meets post-inline processing conditions and should therefore be post-inline processed. Additionally, optional post-inline processing operations, if any, are specified.
- the criteria 350 C can be, for example, “key/CRL”, and post-inline operations 350 P “decrypt/verify” indicating that the presence of an S/MIME Private Key 40 of FIG. 4 is a pre-condition for automatic decryption of the inline entity, and that the presence of a certificate revocation list (CRL) is a pre-condition for verification of the integrity of a digital signature certificate and/or the message.
- decryption and verification “decrypt/verify” 350 P of a digital signature of the S/MIME message using the CRL can take place.
- FIG. 6 An example of how these optional operations can be utilized with cryptographic and non-cryptographic attachments is illustrated in FIG. 6 .
- a mobile device 100 has a display screen of 160 by 160 pixels.
- the first rule in the first row of table 350 indicates that the application is “browser”, the MIME type is jpeg, and the criteria is “(w or h)>160 pixels”, with the post-inline operation of scaling the image.
- the criteria is “(w or h)>160 pixels”
- Another example of a post-inline operation is the adding of inline information into a record system or data store readily useable at the mobile device 100 .
- an address book application on the mobile device 100 can automatically add the entry if it is not already in the address book.
- a decompression program on the mobile device 100 can be configured to automatically decompress the compressed file contained in the inline entity.
- step 550 the inline information in the inline body portion is extracted from the body of the e-mail message.
- step 560 the inline entity is left intact.
- step 570 the next inline entity of the received e-mail message, if any, is processed through steps 540 to 570 . However, if all inline entities have been processed, then step 580 ensues.
- reception of the e-mail message is signaled to the mobile device after the automatic inline processing.
- step 580 there is provided inline cryptographic information 24 in the case of a cryptographic inline message 60 being received at step 510 .
- inline cryptographic information 24 in the case of a cryptographic inline message 60 being received at step 510 .
- e-mail 5 is unprocessed and is provided after step 580 .
- the inline information 24 is automatically utilized at the mobile device 100 upon receiving the message or retrieving the message.
- the mobile device 100 requires a user intervention before the inline information may be used.
- an exemplary method includes the steps of determining if the communication includes a cryptographic attachment element comprising cryptographic information, and converting the cryptographic attachment element into a cryptographic body element upon determining that the communication includes a cryptographic attachment element.
- the systems and methods disclosed herein are not necessarily limited to MIME and S/MIME type communication systems.
- the functionality of the inline generator 65 and inline extractor 115 may be combined in a single inline generator/extractor module 1000 , as shown in FIG. 9 .
- Software modules performing the function of the inline generator/extractor module 1000 may be located and executed at various locations in a communication network.
- the dual mode functionality of the inline generator/extractor module 1000 may be triggered in a manner such that attachments communicated to the mobile device 100 from a transmitting device, such as another mobile device 100 , a wireless gateway 85 , or a message server 40 , as shown in FIG. 1 , are converted to inline entities before being transmitted over the wireless network 105 .
- attachments sent from the mobile device 100 to a recipient are converted to inline entities at the mobile device 100 before being transmitted over the wireless network 105 .
- the inline entities may be converted back into an attachment entity by another inline generator/extractor module executed on the recipient device or intermediate device.
- the recipient device such as another mobile device 100 or a message server 40
- an intermediate device such as the wireless gateway 85
- the inline entities may be converted back into an attachment entity by another inline generator/extractor module executed on the recipient device or intermediate device.
- multiple inline generator/extractor modules 1000 located in various communication networks in a communication system can provide the capability to “tunnel” attachments over one or more intermediate communication networks in the communication system.
- the inline generator/extractor module 1000 illustratively comprises software operable to monitor outgoing and incoming communications to the device upon which it is executed, and further comprises a data store storing a table of conversion conditions 1002 and conversion operations 1003 .
- the substance of an outgoing communication is monitored in a similar manner as described with reference to FIGS. 5 and 7 above.
- an outgoing mixed element communication 1008 comprising body elements 1010 and attachment elements 1012 may be converted into a body element communication 1014 comprising body elements 1016 that include the body elements 1010 and converted attachment elements 1018 .
- the converted attachment elements 1018 in this example comprise the same attachment element 1012 information, but have been converted to a body element type.
- the conversion may be implemented as previously described, such as in the case of a MIME or S/MIME communication, or may be implemented in accordance with some other communication standard that differentiates between message body elements and attachment elements.
- a conversion condition 1002 is met, then an associated conversion operation 1003 may be performed on the attachment element 1012 in a manner as previously described.
- the outgoing mixed element communication 1008 may be converted into a body element communication 1020 comprising body elements 1022 that include the body elements 1010 and operated attachment elements 1024 .
- the information in the body elements 1010 and the attachment elements 1012 may also be sent in two communications.
- the first communication may comprise body elements 1026 , which comprise the same information as body elements 1010 in the mixed element communication 1008 .
- a second communication may then comprise converted attachment elements 1028 .
- the converted attachment elements 1028 comprise the same attachment element 1012 information, but have been converted to a body element type.
- the outgoing mixed element communication 1008 may be converted into a first body element communication 1026 comprising body elements 1026 that include the body elements 1010 , and a second body element communication comprising the converted attachment elements 1028 .
- the inline generator/extractor 1000 also comprises a table of extraction conditions 1004 and associated extraction operations 1005 .
- the substance of an incoming communication is monitored in a similar manner as described with reference to FIGS. 6 and 8 above.
- communication data 1036 comprising body information 1038 and attachment information 1040 may be extracted from an incoming body element communication 1030 comprising body elements 1032 and converted attachment elements 1034 .
- the extraction of the body information 1038 and the attachment information 1040 may be implemented as previously described, such as in the case of a MIME or S/MIME communication, or may be implemented in accordance with some other communication standard that differentiates between message body elements and attachment elements.
- the attachment information 1040 may be automatically utilized by the device receiving the body element communication 1030 .
- an extraction condition 1004 is met, then an associated extraction operation 1005 may be performed on the converted attachment elements 1034 in a manner as previously described.
- communication data 1042 comprising body information 1044 from the body elements 1032 and operated attachment information 1046 resulting from an operation on the converted attachment elements 1034 may be obtained.
- the inline generator/extractor module 1000 may be operable to reconstruct the original message 1048 comprising body elements 1050 and attachment elements 1052 .
- the reconstruction of the original message 1048 may be implemented as previously described with reference to conversion information detailing the conversion of the attachment elements 1052 into the converted attachment elements 1034 .
- the original communication 1048 is reconstructed by determining the type of converted attachment elements 1034 and automatically generating appropriate attachment file names and converting the converted attachment elements 1034 back into attachment elements 1052 .
- the file name extension “.p7m” is associated with the S/MIME token “application/PKCS7-mime.”
- a converted attachment element 1034 is associated with the S/MIME token “application/PKCS7-mime”
- a file name having the extension “.p7m” may be automatically generated and the converted attachment element 1034 can be converted back into attachment element 1052 having the automatically generated file name.
- the inline generator/extractor module 1000 can automatically generate a file name having the extension “.jpg” and the converted attachment element 1052 can be converted back into attachment element 1052 having the automatically generated file name.
- This automatic conversion process may also be configurable by file type, e.g., a user of a mobile device 100 may select which converted attachment types are to be automatically reconstructed.
- a user of a mobile device 100 may desire automatic utilization of cryptographic information, but may not desire the automatic display of other inline entities.
- the user may configure the mobile device 22 to automatically convert all inline entities that are not of a cryptographic type into attachments.
- FIG. 10 provides a block diagram of an exemplary wireless device 900 that can be utilized with the systems and methods disclosed herein.
- the wireless device 900 is preferably a two-way communication device having at least voice and data communication capabilities.
- the device preferably has the capability to communicate with other computer systems on the Internet.
- the device may be referred to as a data messaging device, a two-way pager, a cellular telephone with data messaging capabilities, a wireless Internet appliance or a data communication device (with or without telephony capabilities).
- the device 900 will incorporate a communication subsystem 911 , also shown as transceiver 110 in FIG. 6 , including a receiver 912 , a transmitter 914 , and associated components such as one or more, preferably embedded or internal, antenna elements 916 and 918 , local oscillators (LOs) 913 , and a processing module such as a digital signal processor (DSP) 920 .
- a communication subsystem 911 also shown as transceiver 110 in FIG. 6 , including a receiver 912 , a transmitter 914 , and associated components such as one or more, preferably embedded or internal, antenna elements 916 and 918 , local oscillators (LOs) 913 , and a processing module such as a digital signal processor (DSP) 920 .
- the particular design of the communication subsystem 911 will be dependent upon the communication network in which the device is intended to operate.
- a device 900 destined for a North American market may include a communication subsystem 911 designed to operate within the Mobitex mobile communication system or DataTAC mobile communication system, whereas a device 900 intended for use in Europe may incorporate a General Packet Radio Service (GPRS) communication subsystem 911 .
- GPRS General Packet Radio Service
- Network access requirements will also vary depending upon the type of network 919 , such as Wireless Network 105 of FIG. 1 .
- mobile devices such as 900 are registered on the network using a unique personal identification number or PIN associated with each device.
- PIN personal identification number
- network access is associated with a subscriber or user of a device 900 .
- a GPRS device therefore, requires a subscriber identity module, commonly referred to as a SIM card, in order to operate on a GPRS network. Without a SIM card, a GPRS device will not be fully functional. Local or non-network communication functions (if any) may be operable, but the device 900 will be unable to carry out any functions involving communications over network 919 .
- a device 900 may send and receive communication signals over the network 919 .
- Signals received by the antenna 916 through a communication network 919 are input to the receiver 912 , which may perform such common receiver functions as signal amplification, frequency down conversion, filtering, channel selection and the like, and in the example system shown in FIG. 10 , analog to digital conversion. Analog to digital conversion of a received signal allows more complex communication functions such as demodulation and decoding to be performed in the DSP 920 .
- signals to be transmitted are processed, including modulation and encoding for example, by the DSP 920 and input to the transmitter 914 for digital to analog conversion, frequency up conversion, filtering, amplification and transmission over the communication network 919 via the antenna 918 .
- the DSP 920 not only processes communication signals, but also provides for receiver and transmitter control.
- the gains applied to communication signals in the receiver 912 and transmitter 914 may be adaptively controlled through automatic gain control algorithms implemented in the DSP 920 .
- the device 900 preferably includes a microprocessor 938 , such as processor 320 of FIG. 6 , which controls the overall operation of the device. Communication functions, including at least data and voice communications, are performed through the communication subsystem 911 .
- the microprocessor 938 also interacts with further device subsystems such as the display 922 , flash memory 924 , random access memory (RAM) 926 , auxiliary input/output (I/O) subsystems 928 , serial port 930 , keyboard 932 , speaker 934 , microphone 936 , a short-range communications subsystem 940 and any other device subsystems generally designated as 942 .
- a microprocessor 938 such as processor 320 of FIG. 6 , which controls the overall operation of the device. Communication functions, including at least data and voice communications, are performed through the communication subsystem 911 .
- the microprocessor 938 also interacts with further device subsystems such as the display 922 , flash memory 924 , random access memory (RAM) 926 , auxiliary
- Some of the subsystems shown in FIG. 10 perform communication-related functions, whereas other subsystems may provide “resident” or on-device functions.
- some subsystems such as keyboard 932 and display 922 for example, may be used for both communication-related functions, such as entering a text message for transmission over a communication network, and device-resident functions such as a calculator or task list.
- Operating system software used by the microprocessor 938 is preferably stored in a persistent store such as flash memory 924 , which may instead be a read only memory (ROM) or similar storage element.
- the operating system, specific device applications, or parts thereof, may be temporarily loaded into a volatile store such as RAM 926 .
- Received communication signals may also be stored to RAM 926 .
- Flash memory 924 preferably includes data communication module 924 B, and when device 900 is enabled for voice communication, voice communication module 924 A.
- other software modules 924 N such as the inline extractor software module 330 of FIG. 6 and software portions of cryptographic e-mail client 150 of FIG. 4 , as well as a cryptographic engine software module.
- the microprocessor 938 in addition to its operating system functions, preferably enables execution of software applications on the device 900 .
- a predetermined set of applications which control basic device operations, including at least data and voice communication applications for example, will normally be installed on the device 900 during manufacture.
- a preferred application that may be loaded onto the device may be a personal information manager (PIM) application having the ability to organize and manage data items relating to the device user such as, but not limited to e-mail, calendar events, voice mails, appointments, and task items.
- PIM personal information manager
- Such PIM application would preferably have the ability to send and receive data items via the wireless network 105 .
- the PIM data items are seamlessly integrated, synchronized and updated, via the wireless network 105 , with the device user's corresponding data items stored or associated with a host computer system.
- Further applications may also be loaded onto the device 900 through the network 919 , an auxiliary I/O subsystem 928 , serial port 930 , short-range communications subsystem 940 or any other suitable subsystem 942 , and installed by a user in the RAM 926 or preferably a non-volatile store for execution by the microprocessor 938 .
- Such flexibility in application installation increases the functionality of the device 900 and may provide enhanced on-device functions, communication-related functions, or both.
- secure communication applications as described herein may enable electronic commerce functions and other such financial transactions to be performed using the device 900 .
- a received signal such as a text message or web page download will be processed by the communication subsystem 911 and input to the microprocessor 938 , which will preferably further process the received signal for output to the display 922 , or alternatively to an auxiliary I/O device 928 .
- a user of device 900 may also compose data items such as e-mail messages for example, using the keyboard 932 , which is preferably a complete alphanumeric keyboard or telephone-type keypad, in conjunction with the display 922 and possibly an auxiliary I/O device 928 . Such composed items may then be transmitted over a communication network through the communication subsystem 911 .
- the device 900 For voice communications, overall operation of the device 900 is substantially similar, except that received signals would preferably be output to a speaker 934 and signals for transmission would be generated by a microphone 936 .
- Alternative voice or audio I/O subsystems such as a voice message recording subsystem may also be implemented on the device 900 .
- voice or audio signal output is preferably accomplished primarily through the speaker 934
- the display 922 may also be used to provide an indication of the identity of a calling party, the duration of a voice call, or other voice call related information for example.
- the serial port 930 would normally be implemented in a personal digital assistant (PDA)-type communication device for which synchronization with a user's desktop computer may be desirable, but is an optional device component.
- PDA personal digital assistant
- Such a port 930 would enable a user to set preferences through an external device or software application and would extend the capabilities of the device by providing for information or software downloads to the device 900 other than through a wireless communication network.
- the alternate download path may for example be used to load an encryption key onto the device 900 through a direct and thus reliable and trusted connection to thereby enable secure device communication.
- a short-range communications subsystem 940 is a further optional component which may provide for communication between the device 900 and different systems or devices, which need not necessarily be similar devices.
- the subsystem 940 may include an infrared device and associated circuits and components or a BluetoothTM communication module to provide for communication with similarly-enabled systems and devices.
- FIGS. 11-13 describe additional communication systems in which the systems and methods disclosed herein may be used.
- FIG. 11 is a block diagram showing an example communication system.
- a computer system 802 there is shown a computer system 802 , a WAN 804 , corporate LAN 806 behind a security firewall 808 , wireless infrastructure 810 , wireless networks 812 and 814 , and mobile devices 816 and 818 .
- the corporate LAN 806 includes a message server 820 , a wireless connector system 828 , a data store 817 including at least a plurality of mailboxes 819 , a desktop computer system 822 having a communication link directly to a mobile device such as through physical connection 824 to an interface or connector 826 , and a wireless VPN router 832 . Operation of the system in FIG. 11 will be described below with reference to the messages 833 , 834 and 836 .
- the computer system 802 may, for example, be a laptop, desktop or palmtop computer system configured for connection to the WAN 804 . Such a computer system may connect to the WAN 804 via an ISP or ASP. Alternatively, the computer system 802 may be a network-connected computer system that, like the computer system 822 for example, accesses the WAN 804 through a LAN or other network. Many modern mobile devices are enabled for connection to a WAN through various infrastructure and gateway arrangements, so that the computer system 802 may also be a mobile device.
- the corporate LAN 806 is an illustrative example of a central, server-based messaging system that has been enabled for wireless communications.
- the corporate LAN 806 may be referred to as a “host system”, in that it hosts both a data store 817 with mailboxes 819 for messages, as well as possibly further data stores for other data items, that may be sent to or received from mobile devices 816 and 818 , and the wireless connector system 828 , the wireless VPN router 832 , or possibly other components enabling communications between the corporate LAN 806 and one or more mobile devices 816 and 818 .
- a host system may be one or more computers at, with or in association with which a wireless connector system is operating.
- the corporate LAN 806 is one preferred embodiment of a host system, in which the host system is a server computer running within a corporate network environment operating behind and protected by at least one security communications firewall 808 .
- Other possible central host systems include ISP, ASP and other service provider or mail systems.
- the desktop computer system 824 and interface/connector 826 may be located outside such host systems, wireless communication operations may be similar to those described below.
- the corporate LAN 806 implements the wireless connector system 828 as an associated wireless communications enabling component, which will normally be a software program, a software application, or a software component built to work with at least one or more message server.
- the wireless connector system 828 is used to send user-selected information to, and to receive information from, one or more mobile devices 816 and 818 , via one or more wireless networks 812 and 814 .
- the wireless connector system 828 may be a separate component of a messaging system, as shown in FIG. 11 , or may instead be partially or entirely incorporated into other communication system components.
- the message server 820 may incorporate a software program, application, or component implementing the wireless connector system 828 , portions thereof, or some or all of its functionality.
- the message server 820 running on a computer behind the firewall 808 , acts as the main interface for the corporation to exchange messages, including for example electronic mail, calendaring data, voice mail, electronic documents, and other PIM data with the WAN 804 , which will typically be the Internet.
- the particular intermediate operations and computers will be dependent upon the specific type of message delivery mechanisms and networks via which messages are exchanged, and therefore have not been shown in FIG. 11 .
- the functionality of the message server 820 may extend beyond message sending and receiving, providing such features as dynamic database storage for data like calendars, to-do lists, task lists, e-mail and documentation, as described above.
- Message servers such as 820 normally maintain a plurality of mailboxes 819 in one or more data stores such as 817 for each user having an account on the server.
- the data store 817 includes mailboxes 819 for a number of (“n”) user accounts.
- Messages received by the message server 820 that identify a user, a user account, a mailbox, or possibly another address associated with a user, account or mailbox 819 as a message recipient will typically be stored in the corresponding mailbox 819 . If a message is addressed to multiple recipients or a distribution list, then copies of the same message may be stored to more than one mailbox 819 .
- the message server 820 may store a single copy of such a message in a data store accessible to all of the users having an account on the message server, and store a pointer or other identifier in each recipient's mailbox 819 .
- each user may then access his or her mailbox 819 and its contents using a messaging client such as Microsoft Outlook or Lotus Notes, which normally operates on a PC, such as the desktop computer system 822 , connected in the LAN 806 .
- a messaging client such as Microsoft Outlook or Lotus Notes, which normally operates on a PC, such as the desktop computer system 822 , connected in the LAN 806 .
- a LAN will typically contain many desktop, notebook and laptop computer systems.
- Each messaging client normally accesses a mailbox 819 through the message server 820 , although in some systems, a messaging client may enable direct access to the data store 817 and a mailbox 819 stored thereon by the desktop computer system 822 . Messages may also be downloaded from the data store 817 to a local data store on the desktop computer system 822 .
- the wireless connector system 828 operates in conjunction with the message server 820 .
- the wireless connector system 828 may reside on the same computer system as the message server 820 , or may instead be implemented on a different computer system.
- Software implementing the wireless connector system 828 may also be partially or entirely integrated with the message server 820 .
- the wireless connector system 828 and the message server 820 are preferably designed to cooperate and interact to allow the pushing of information to mobile devices 816 , 818 .
- the wireless connector system 828 is preferably configured to send information that is stored in one or more data stores associated with the corporate LAN 806 to one or more mobile devices 816 , 818 , through the corporate firewall 808 and via the WAN 804 and one of the wireless networks 812 , 814 .
- a user that has an account and associated mailbox 819 in the data store 817 may also have a mobile device, such as 816 .
- messages received by the message server 820 that identify a user, account or mailbox 819 are stored to a corresponding mailbox 819 by the message server 820 .
- messages received by the message server 820 and stored to the user's mailbox 819 are preferably detected by the wireless connector system 828 and sent to the user's mobile device 816 .
- This type of functionality represents a “push” message sending technique.
- the wireless connector system 828 may instead employ a “pull” technique, in which items stored in a mailbox 819 are sent to a mobile device 816 , 818 responsive to a request or access operation made using the mobile device, or some combination of both techniques.
- a wireless connector 828 thereby enables a messaging system including a message server 820 to be extended so that each user's mobile device 816 , 818 has access to stored messages of the message server 820 .
- FIG. 11 there are several paths for exchanging information with a mobile device 816 , 818 from the corporate LAN 806 .
- One possible information transfer path is through the physical connection 824 such as a serial port, using an interface or connector 826 .
- This path may be useful for example for bulk information updates often performed at initialization of a mobile device 816 , 818 or periodically when a user of a mobile device 816 , 818 is working at a computer system in the LAN 806 , such as the computer system 822 .
- PIM data is commonly exchanged over such a connection, for example a serial port connected to an appropriate interface or connector 826 such as a cradle in or upon which a mobile device 816 , 818 may be placed.
- the physical connection 824 may also be used to transfer other information from a desktop computer system 822 to a mobile device 816 , 818 , including private security keys (“private keys”) such as private encryption or signature keys associated with the desktop computer system 822 , or other relatively bulky information such as Certs and CRLs, used in some secure messaging schemes such as S/MIME and PGP.
- private keys such as private encryption or signature keys associated with the desktop computer system 822
- Certs and CRLs used in some secure messaging schemes such as S/MIME and PGP.
- Private key exchange using a physical connection 824 and connector or interface 826 allows a user's desktop computer system 822 and mobile device 816 or 818 to share at least one identity for accessing all encrypted and/or signed mail.
- the user's desktop computer system 822 and mobile device 816 or 818 can also thereby share private keys so that either the host system 822 or mobile device 816 or 818 can process secure messages addressed to the user's mailbox or account on the message server 820 .
- the transfer of Certs and CRLs over such a physical connection may be desirable in that they represent a large amount of the data that is required for S/MIME, PGP and other public key security methods.
- a user's own Cert, a chain of Cert(s) used to verify the user's Cert, and CRL, as well as Certs, Cert chains and CRLs for other users, may be loaded onto a mobile device 816 , 818 from the user's desktop computer system 822 .
- This loading of other user's Certs and CRLs onto a mobile device 816 , 818 allows a mobile device user to select other entities or users with whom they might be exchanging secure messages, and to pre-load the bulky information onto the mobile device through a physical connection instead of over the air, thus saving time and wireless bandwidth when a secure message is received from or to be sent to such other users, or when the status of a Cert is to be determined.
- a physical path has also been used to transfer messages from mailboxes 819 associated with a message server 820 to mobile devices 816 and 818 .
- Another method for data exchange with a mobile device 816 , 818 is over-the-air, through the wireless connector system 828 and using wireless networks 812 , 814 .
- this could involve a Wireless VPN router 832 , if available in the network 806 , or, alternatively, a traditional WAN connection to wireless infrastructure 810 that provides an interface to one or more wireless networks 812 , 814 .
- the Wireless VPN router 832 provides for creation of a VPN connection directly through a specific wireless network 812 to a wireless device 816 .
- Such a Wireless VPN router 832 may be used in conjunction with a static addressing scheme.
- IPV6 would provide enough IP addresses to dedicate an IP address to every mobile device 816 configured to operate within the network 812 and thus make it possible to push information to a mobile device 816 at any time.
- a primary advantage of using a wireless VPN router 832 is that it could be an off-the-shelf VPN component which would not require wireless infrastructure 810 .
- a VPN connection may use a TCP/IP or UDP/IP connection to deliver messages directly to and from a mobile device 816 .
- wireless infrastructure 810 is preferably used. The wireless infrastructure 810 may also determine a most likely wireless network for locating a given user, and track users as they roam between countries or networks. In wireless networks such as 812 and 814 , messages are normally delivered to and from mobile devices 816 , 818 via RF transmissions between base stations and the mobile devices 816 , 818 .
- a plurality of connections to wireless networks 812 and 814 may be provided, including, for example, ISDN, Frame Relay or T1 connections using the TCP/IP protocol used throughout the Internet.
- the wireless networks 812 and 814 could represent distinct, unique and unrelated networks, or they could represent the same network in different countries, and may be any of different types of networks, including but not limited to, data-centric wireless networks, voice-centric wireless networks, and dual-mode networks that can support both voice and data communications over the same or similar infrastructure, such as any of those described above.
- more than one over-the-air information exchange mechanism may be provided in the corporate LAN 806 .
- mobile devices 816 , 818 associated with users having mailboxes 819 associated with user accounts on the message server 820 are configured to operate on different wireless networks 812 and 814 . If the wireless network 812 supports IPv6 addressing, then the wireless VPN router 832 may be used by the wireless connector system 828 to exchange data with any mobile device 816 operating within the wireless network 812 .
- the wireless network 814 may be a different type of wireless network, however, such as the Mobitex network, in which case information may instead be exchanged with a mobile device 818 operating within the wireless network 814 by the wireless connector system 828 via a connection to the WAN 804 and the wireless infrastructure 810 .
- the e-mail message 833 is intended for illustrative purposes only.
- the exchange of other types of information between the corporate LAN 806 is preferably also enabled by the wireless connector system 828 .
- the e-mail message 833 sent from the computer system 802 via the WAN 804 , may be fully in the clear, or signed with a digital signature and/or encrypted, depending upon the particular messaging scheme used. For example, if the computer system 802 is enabled for secure messaging using S/MIME, then the e-mail message 833 may be signed, encrypted, or both.
- E-mail messages such as 833 normally use traditional SMTP, RFC822 headers and MIME body parts to define the format of the e-mail message. These techniques are all well known to one in the art.
- the e-mail message 833 arrives at the message server 820 , which determines into which mailboxes 819 the e-mail message 833 should be stored.
- a message such as the e-mail message 833 may include a user name, a user account, a mailbox identifier, or other type of identifier that may be mapped to a particular account or associated mailbox 819 by the message server 820 .
- recipients are typically identified using e-mail addresses corresponding to a user account and thus a mailbox 819 .
- the wireless connector system 828 sends or mirrors, via a wireless network 812 or 814 , certain user-selected data items or parts of data items from the corporate LAN 806 to the user's mobile device 816 or 818 , preferably upon detecting that one or more triggering events has occurred.
- a triggering event includes, but is not limited to, one or more of the following: screen saver activation at a user's networked computer system 822 , disconnection of the user's mobile device 816 or 818 from the interface 826 , or receipt of a command sent from a mobile device 816 or 818 to the host system to start sending one or more messages stored at the host system.
- the wireless connector system 828 may detect triggering events associated with the message server 820 , such as receipt of a command, or with one or more networked computer systems 822 , including the screen saver and disconnection events described above.
- triggering events associated with the message server 820 such as receipt of a command, or with one or more networked computer systems 822 , including the screen saver and disconnection events described above.
- data items selected by the user are preferably sent to the user's mobile device.
- the e-mail message 833 assuming that a triggering event has been detected, the arrival of the message 833 at the message server 820 is detected by the wireless connector system 828 .
- the wireless connector system 828 may register for advise syncs provided by the Microsoft Messaging Application Programming Interface (MAPI) to thereby receive notifications when a new message is stored to a mailbox 819 .
- MMI Microsoft Messaging Application Programming Interface
- the wireless connector system 828 When a data item such as the e-mail message 833 is to be sent to a mobile device 816 or 818 , the wireless connector system 828 preferably repackages the data item in a manner that is transparent to the mobile device, so that information sent to and received by the mobile device appears similar to the information as stored on and accessible at the host system, LAN 806 in FIG. 11 .
- One preferred repackaging method includes wrapping received messages to be sent via a wireless network 812 , 814 in an electronic envelope that corresponds to the wireless network address of the mobile device 816 , 818 to which the message is to be sent.
- other repackaging methods could be used, such as special-purpose TCP/IP wrapping techniques.
- Such repackaging preferably also results in e-mail messages sent from a mobile device 816 or 818 appearing to come from a corresponding host system account or mailbox 819 even though they are composed and sent from a mobile device.
- a user of a mobile device 816 or 818 may thereby effectively share a single e-mail address between a host system account or mailbox 819 and the mobile device.
- Repackaging of the e-mail message 833 is indicated at 834 and 836 .
- Repackaging techniques may be similar for any available transfer paths or may be dependent upon the particular transfer path, either the wireless infrastructure 810 or the wireless VPN router 832 .
- the e-mail message 833 is preferably compressed and encrypted, either before or after being repackaged at 834 , to thereby effectively provide for secure transfer to the mobile device 818 . Compression reduces the bandwidth required to send the message, whereas encryption ensures confidentiality of any messages or other information sent to mobile devices 816 and 818 .
- messages transferred via a VPN router 832 might only be compressed and not encrypted, since a VPN connection established by the VPN router 832 is inherently secure.
- Messages are thereby securely sent, via either encryption at the wireless connector system 828 , which may be considered a non-standard VPN tunnel or a VPN-like connection for example, or the VPN router 832 , to mobile devices 816 and 818 . Accessing messages using a mobile device 816 or 818 is thus no less secure than accessing mailboxes at the LAN 806 using the desktop computer system 822 .
- a repackaged message 834 or 836 arrives at a mobile device 816 or 818 , via the wireless infrastructure 810 , or via the wireless VPN router 832 , the mobile device 816 or 818 removes the outer electronic envelope from the repackaged message 834 or 836 , and performs any required decompression and decryption operations.
- Messages sent from a mobile device 816 or 818 and addressed to one or more recipients are preferably similarly repackaged, and possibly compressed and encrypted, and sent to a host system such as the LAN 806 . The host system may then remove the electronic envelope from the repackaged message, decrypt and decompress the message if desired, and route the message to the addressed recipients.
- Another goal of using an outer envelope is to maintain at least some of the addressing information in the original e-mail message 833 .
- the outer envelope used to route information to mobile devices 816 , 818 is addressed using a network address of one or more mobile devices, the outer envelope preferably encapsulates the entire original e-mail message 833 , including at least one address field, possibly in compressed and/or encrypted form. This allows original “To”, “From” and “CC” addresses of the e-mail message 833 to be displayed when the outer envelope is removed and the message is displayed on a mobile device 816 or 818 .
- the repackaging also allows reply messages to be delivered to addressed recipients, with the “From” field reflecting an address of the mobile device user's account or mailbox on the host system, when the outer envelope of a repackaged outgoing message sent from a mobile device is removed by the wireless connector system 828 .
- the user's account or mailbox address from the mobile device 816 or 818 allows a message sent from a mobile device to appear as though the message originated from the user's mailbox 819 or account at the host system rather than the mobile device.
- FIG. 12 is a block diagram of an alternative exemplary communication system, in which wireless communications are enabled by a component associated with an operator of a wireless network.
- the system includes a computer system 802 , WAN 804 , a corporate LAN 807 located behind a security firewall 808 , network operator infrastructure 840 , a wireless network 811 , and mobile devices 813 and 815 .
- the computer system 802 , WAN 804 , security firewall 808 , message server 820 , data store 817 , mailboxes 819 , and VPN router 835 are substantially the same as the similarly-labelled components in FIG. 11 .
- the VPN router 835 communicates with the network operator infrastructure 840 , it need not necessarily be a wireless VPN router in the system of FIG. 12 .
- the network operator infrastructure 840 enables wireless information exchange between the LAN 807 and mobile devices 813 , 815 , respectively associated with the computer systems 842 and 852 and configured to operate within the wireless network 811 .
- a plurality of desktop computer systems 842 , 852 are shown, each having a physical connection 846 , 856 to an interface or connector 848 , 858 .
- a wireless connector system 844 , 854 is operating on or in conjunction with each computer system 842 , 852 .
- the wireless connector systems 844 , 854 are similar to the wireless connector system 828 described above, in that it enables data items, such as e-mail messages and other items that are stored in mailboxes 819 , and possibly data items stored in a local or network data store, to be sent from the LAN 807 to one or more mobile devices 813 , 815 .
- the network operator infrastructure 840 provides an interface between the mobile devices 813 , 815 and the LAN 807 .
- operation of the system shown in FIG. 12 will be described below in the context of an e-mail message as an illustrative example of a data item that may be sent to a mobile device 813 , 815 .
- the message server 820 When an e-mail message 833 , addressed to one or more recipients having an account on the message server 820 , is received by the message server 820 , the message, or possibly a pointer to a single copy of the message stored in a central mailbox or data store, is stored into the mailbox 819 of each such recipient. Once the e-mail message 833 or pointer has been stored to a mailbox 819 , it may preferably be accessed using a mobile device 813 or 815 . In the example shown in FIG. 12 , the e-mail message 833 has been addressed to the mailboxes 819 associated with both desktop computer systems 842 and 852 and thus both mobile devices 813 and 815 .
- Communication network protocols commonly used in wired networks such as the LAN 807 and/or the WAN 804 may not be suitable or compatible with wireless network communication protocols used within wireless networks such as 811 .
- communication bandwidth, protocol overhead and network latency, which are primary concerns in wireless network communications are less significant in wired networks, which typically have much higher capacity and speed than wireless networks. Therefore, mobile devices 813 and 815 cannot normally access the data store 817 directly.
- the network operator infrastructure 840 provides a bridge between the wireless network 811 and the LAN 807 .
- the network operator infrastructure 840 enables a mobile device 813 , 815 to establish a connection to the LAN 807 through the WAN 804 , and may, for example, be operated by an operator of the wireless network 811 or a service provider that provides wireless communication service for mobile devices 813 and 815 .
- a mobile device 813 , 815 may establish a communication session with the network operator infrastructure 840 using a wireless network compatible communication scheme, preferably a secure scheme such as Wireless Transport Layer Security (WTLS) when information should remain confidential, and a wireless web browser such as a Wireless Application Protocol (WAP) browser.
- WTLS Wireless Transport Layer Security
- WAP Wireless Application Protocol
- a user may then request (through manual selection or pre-selected defaults in the software residing in the mobile device) any or all information, or just new information for example, stored in a mailbox 819 in the data store 817 at the LAN 807 .
- the network operator infrastructure 840 then establishes a connection or session with a wireless connector system 844 , 854 , using Secure Hypertext Transfer Protocol (HTTPS) for example, if no session has already been established.
- HTTPS Secure Hypertext Transfer Protocol
- a session between the network operator infrastructure 840 and a wireless connector system 844 , 854 may be made via a typical WAN connection or through the VPN router 835 if available.
- the network operator infrastructure 840 and the wireless connector systems 844 , 854 may be configured so that a communication connection remains open once established.
- requests originating from mobile device A 813 and B 815 would be sent to the wireless connector systems 844 and 854 , respectively.
- a wireless connector system 844 , 854 retrieves requested information from a data store.
- the wireless connector system 844 , 854 retrieves the e-mail message 833 from the appropriate mailbox 819 , typically through a messaging client operating in conjunction with the computer system 842 , 852 , which may access a mailbox 819 either via the message server 820 or directly.
- a wireless connector system 844 , 854 may be configured to access mailboxes 819 itself, directly or through the message server 820 .
- both network data stores similar to the data store 817 and local data stores associated with each computer system 842 , 852 may be accessible to a wireless connector system 844 , 854 , and thus to a mobile device 813 , 815 .
- the e-mail message 833 may be sent to the network operator infrastructure 840 as shown at 860 and 862 , which then sends a copy of the e-mail message to each mobile device 813 and 815 , as indicated at 864 and 866 .
- Information may be transferred between the wireless connector systems 844 , 854 and the network operator infrastructure 840 via either a connection to the WAN 804 or the VPN router 835 .
- translation operations may be performed by the network operator infrastructure 840 .
- Repackaging techniques may also be used between the wireless connector systems 844 , 854 and the network operator infrastructure 840 , and between each mobile device 813 , 815 and the network operator infrastructure 840 .
- Messages or other information to be sent from a mobile device 813 , 815 may be processed in a similar manner, with such information first being transferred from a mobile device 813 , 815 to the network operator infrastructure 840 .
- the network operator infrastructure 840 may then send the information to a wireless connector system 844 , 854 for storage in a mailbox 819 and delivery to any addressed recipients by the message server 820 for example, or may alternatively deliver the information to the addressed recipients.
- the above description of the system in FIG. 12 relates to pull-based operations.
- the wireless connector systems 844 , 854 and the network operator infrastructure may instead be configured to push data items to mobile devices 813 and 815 .
- a combined push/pull system is also possible. For example, a notification of a new message or a list of data items currently stored in a data store at the LAN 807 could be pushed to a mobile device 813 , 815 , which may then be used to request messages or data items from the LAN 807 via the network operator infrastructure 840 .
- each wireless network may have an associated wireless network infrastructure component similar to 840 .
- wireless connector systems 844 , 854 may preferably be configured to operate in conjunction with more than one computer system 842 , 852 , or to access a data store or mailbox 819 associated with more than one computer system.
- the wireless connector system 844 may be granted access to the mailboxes 819 associated with both the computer system 842 and the computer system 852 . Requests for data items from either mobile device A 813 or B 815 may then be processed by the wireless connector system 844 .
- This configuration may be useful to enable wireless communications between the LAN 807 and the mobile devices 813 and 815 without requiring a desktop computer system 842 , 852 to be running for each mobile device user.
- a wireless connector system may instead be implemented in conjunction with the message server 820 to enable wireless communications.
- FIG. 13 is a block diagram of another alternative communication system.
- the system includes a computer system 802 , WAN 804 , a corporate LAN 809 located behind a security firewall 808 , an access gateway 880 , data store 882 , wireless networks 884 and 886 , and mobile devices 888 and 890 .
- the computer system 802 , WAN 804 , security firewall 808 , message server 820 , data store 817 , mailboxes 819 , desktop computer system 822 , physical connection 824 , interface or connector 826 and VPN router 835 are substantially the same as the corresponding components described above.
- the access gateway 880 and data store 882 provide mobile devices 888 and 890 with access to data items stored at the LAN 809 .
- a wireless connector system 878 operates on or in conjunction with the message server 820 , although a wireless connector system may instead operate on or in conjunction with one or more desktop computer systems in the LAN 809 .
- the wireless connector system 878 provides for transfer of data items stored at the LAN 809 to one or more mobile devices 888 , 890 .
- These data items preferably include e-mail messages stored in mailboxes 819 in the data store 817 , as well as possibly other items stored in the data store 817 or another network data store or a local data store of a computer system such as 822 .
- an e-mail message 833 addressed to one or more recipients having an account on the message server 820 and received by the message server 820 may be stored into the mailbox 819 of each such recipient.
- the external data store 882 preferably has a similar structure to, and remains synchronized with, the data store 817 .
- PIM information or data stored at data store 882 preferably is independently modifiable to the PIM information or data stored at the host system.
- the independently modifiable information at the external data store 882 may maintain synchronization of a plurality of data stores associated with a user (i.e., data on a mobile device, data on a personal computer at home, data at the corporate LAN, etc.).
- This synchronization may be accomplished, for example, through updates sent to the data store 882 by the wireless connector system 878 at certain time intervals, each time an entry in the data store 817 is added or changed, at certain times of day, or when initiated at the LAN 809 , by the message server 820 or a computer system 822 , at the data store 882 , or possibly by a mobile device 888 , 890 through the access gateway 880 .
- an update sent to the data store 882 some time after the e-mail message 833 is received may indicate that the message 833 has been stored in a certain mailbox 819 in the store 817 , and a copy of the e-mail message will be stored to a corresponding storage area in the data store 882 .
- the e-mail message 833 has been stored in the mailboxes 819 corresponding to the mobile devices 888 and 890 for example, one or more copies of the e-mail message, indicated at 892 and 894 in FIG. 13 , will be sent to and stored in corresponding storage areas or mailboxes in the data store 882 .
- updates or copies of stored information in the data store 817 may be sent to the data store 882 via a connection to the WAN 804 or the VPN router 835 .
- the wireless connector system 878 may post updates or stored information to a resource in the data store 882 via an HTTP post request.
- a secure protocol such as HTTPS or Secure Sockets Layer (SSL) may be used.
- a single copy of a data item stored in more than one location in a data store at the LAN 809 may instead be sent to the data store 882 .
- This copy of the data item could then be stored either in more than one corresponding location in the data store 882 , or a single copy may be stored in the data store 882 , with a pointer or other identifier of the stored data item being stored in each corresponding location in the data store 882 .
- the access gateway 880 is effectively an access platform, in that it provides mobile devices 888 and 890 with access to the data store 882 .
- the data store 882 may be configured as a resource accessible on the WAN 804
- the access gateway 880 may be an ISP system or WAP gateway through which mobile devices 888 and 890 may connect to the WAN 804 .
- a WAP browser or other browser compatible with the wireless networks 884 and 886 may then be used to access the data store 882 , which is synchronized with the data store 817 , and download stored data items either automatically or responsive to a request from a mobile device 888 , 890 .
- copies of the e-mail message 833 may be sent to the mobile devices 888 and 890 .
- a data store on each mobile device 888 , 890 may thereby be synchronized with a portion, such as a mailbox 819 , of a data store 817 on a corporate LAN 809 . Changes to a mobile device data store may similarly be reflected in the data stores 882 and 817 .
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
- Mobile Radio Communication Systems (AREA)
- Radar Systems Or Details Thereof (AREA)
- Communication Control (AREA)
Abstract
Description
Claims (19)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/080,025 US9215238B2 (en) | 2002-03-20 | 2013-11-14 | System and method for transmitting and utilizing attachments |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US36553202P | 2002-03-20 | 2002-03-20 | |
PCT/CA2003/000405 WO2003079619A1 (en) | 2002-03-20 | 2003-03-20 | System and method for transmitting and utilizing attachments |
US50864404A | 2004-09-17 | 2004-09-17 | |
US14/080,025 US9215238B2 (en) | 2002-03-20 | 2013-11-14 | System and method for transmitting and utilizing attachments |
Related Parent Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/508,644 Continuation US8615661B2 (en) | 2002-03-20 | 2003-03-20 | System and method for transmitting and utilizing attachments |
PCT/CA2003/000405 Continuation WO2003079619A1 (en) | 2002-03-20 | 2003-03-20 | System and method for transmitting and utilizing attachments |
Publications (2)
Publication Number | Publication Date |
---|---|
US20140075191A1 US20140075191A1 (en) | 2014-03-13 |
US9215238B2 true US9215238B2 (en) | 2015-12-15 |
Family
ID=28042033
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/508,644 Active 2028-11-22 US8615661B2 (en) | 2002-03-20 | 2003-03-20 | System and method for transmitting and utilizing attachments |
US14/080,025 Expired - Fee Related US9215238B2 (en) | 2002-03-20 | 2013-11-14 | System and method for transmitting and utilizing attachments |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/508,644 Active 2028-11-22 US8615661B2 (en) | 2002-03-20 | 2003-03-20 | System and method for transmitting and utilizing attachments |
Country Status (9)
Country | Link |
---|---|
US (2) | US8615661B2 (en) |
EP (2) | EP2141872B1 (en) |
CN (1) | CN1653764B (en) |
AT (1) | ATE445278T1 (en) |
AU (1) | AU2003213909A1 (en) |
CA (1) | CA2479601C (en) |
DE (1) | DE60329584D1 (en) |
HK (1) | HK1071646A1 (en) |
WO (1) | WO2003079619A1 (en) |
Families Citing this family (60)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6438585B2 (en) | 1998-05-29 | 2002-08-20 | Research In Motion Limited | System and method for redirecting message attachments between a host system and a mobile data communication device |
KR100565916B1 (en) | 2001-06-12 | 2006-03-30 | 리서치 인 모션 리미티드 | System and method for compressing secure e-mail for exchange with a mobile data communication device |
IL159342A0 (en) | 2001-06-12 | 2004-06-01 | Research In Motion Ltd | Certificate management and transfer system and method |
KR100576558B1 (en) * | 2001-06-12 | 2006-05-08 | 리서치 인 모션 리미티드 | System and method for processing encoded messages for exchange with a mobile data communication device |
BRPI0211093B1 (en) | 2001-07-10 | 2016-09-06 | Blackberry Ltd | system and method for caching secure message key on a mobile communication device |
CA2456839C (en) | 2001-08-06 | 2010-05-18 | Research In Motion Limited | System and method for processing encoded messages |
US7266557B2 (en) * | 2003-06-25 | 2007-09-04 | International Business Machines Corporation | File retrieval method and system |
US7979448B2 (en) * | 2003-06-25 | 2011-07-12 | International Business Machines Corporation | Mail and calendar tool and method |
US20050138388A1 (en) * | 2003-12-19 | 2005-06-23 | Robert Paganetti | System and method for managing cross-certificates copyright notice |
US8050653B2 (en) * | 2004-03-22 | 2011-11-01 | Research In Motion Limited | System and method for viewing message attachments |
US20060035627A1 (en) * | 2004-07-13 | 2006-02-16 | Mukesh Prasad | Wireless distribution-point content insertion |
US20060036849A1 (en) * | 2004-08-09 | 2006-02-16 | Research In Motion Limited | System and method for certificate searching and retrieval |
US9094429B2 (en) * | 2004-08-10 | 2015-07-28 | Blackberry Limited | Server verification of secure electronic messages |
US7549043B2 (en) | 2004-09-01 | 2009-06-16 | Research In Motion Limited | Providing certificate matching in a system and method for searching and retrieving certificates |
US7631183B2 (en) | 2004-09-01 | 2009-12-08 | Research In Motion Limited | System and method for retrieving related certificates |
US7640428B2 (en) * | 2004-09-02 | 2009-12-29 | Research In Motion Limited | System and method for searching and retrieving certificates |
WO2006135216A1 (en) * | 2005-06-16 | 2006-12-21 | Samsung Electronics Co., Ltd. | System and method for tunnel management over a 3g-wlan interworking system |
US7653696B2 (en) * | 2005-07-29 | 2010-01-26 | Research In Motion Limited | Method and apparatus for processing digitally signed messages to determine address mismatches |
EP1803249B1 (en) * | 2005-10-14 | 2010-04-07 | Research In Motion Limited | System and method for protecting master encryption keys |
US7953971B2 (en) * | 2005-10-27 | 2011-05-31 | Research In Motion Limited | Synchronizing certificates between a device and server |
US8191105B2 (en) * | 2005-11-18 | 2012-05-29 | Research In Motion Limited | System and method for handling electronic messages |
US8355701B2 (en) | 2005-11-30 | 2013-01-15 | Research In Motion Limited | Display of secure messages on a mobile communication device |
US7840207B2 (en) * | 2005-11-30 | 2010-11-23 | Research In Motion Limited | Display of secure messages on a mobile communication device |
US20070123217A1 (en) * | 2005-11-30 | 2007-05-31 | Research In Motion Limited | Display of secure messages on a mobile communication device |
US9848081B2 (en) * | 2006-05-25 | 2017-12-19 | Celltrust Corporation | Dissemination of real estate information through text messaging |
US7920851B2 (en) * | 2006-05-25 | 2011-04-05 | Celltrust Corporation | Secure mobile information management system and method |
US8280359B2 (en) * | 2006-05-25 | 2012-10-02 | Celltrust Corporation | Methods of authorizing actions |
AU2012216853B2 (en) * | 2006-05-25 | 2015-03-05 | Celltrust Corporation | Secure mobile information management system and method |
US8225380B2 (en) * | 2006-05-25 | 2012-07-17 | Celltrust Corporation | Methods to authenticate access and alarm as to proximity to location |
US9572033B2 (en) | 2006-05-25 | 2017-02-14 | Celltrust Corporation | Systems and methods for encrypted mobile voice communications |
US8260274B2 (en) * | 2006-05-25 | 2012-09-04 | Celltrust Corporation | Extraction of information from e-mails and delivery to mobile phones, system and method |
US8965416B2 (en) * | 2006-05-25 | 2015-02-24 | Celltrust Corporation | Distribution of lottery tickets through mobile devices |
US7814161B2 (en) | 2006-06-23 | 2010-10-12 | Research In Motion Limited | System and method for handling electronic mail mismatches |
US20080214111A1 (en) * | 2007-03-02 | 2008-09-04 | Celltrust Corporation | Lost phone alarm system and method |
US7949355B2 (en) * | 2007-09-04 | 2011-05-24 | Research In Motion Limited | System and method for processing attachments to messages sent to a mobile device |
US8254582B2 (en) | 2007-09-24 | 2012-08-28 | Research In Motion Limited | System and method for controlling message attachment handling functions on a mobile device |
JP5153358B2 (en) * | 2008-01-23 | 2013-02-27 | インターナショナル・ビジネス・マシーンズ・コーポレーション | E-mail display program, method, apparatus and system |
CN102037708A (en) | 2008-03-28 | 2011-04-27 | 赛尔特拉斯特公司 | Systems and methods for secure short messaging service and multimedia messaging service |
US9240978B2 (en) * | 2008-12-31 | 2016-01-19 | Verizon Patent And Licensing Inc. | Communication system having message encryption |
US20120026002A1 (en) * | 2009-12-07 | 2012-02-02 | Halliburton Energy Services Inc. | System and Method for Remote Well Monitoring |
US8447819B2 (en) | 2010-07-09 | 2013-05-21 | Robert Paul Morris | Methods, systems, and computer program products for processing a request for a resource in a communication |
US10171392B1 (en) | 2010-07-09 | 2019-01-01 | Gummarus LLC | Methods, systems, and computer program products for processing a request for a resource in a communication |
US10015122B1 (en) | 2012-10-18 | 2018-07-03 | Sitting Man, Llc | Methods and computer program products for processing a search |
US10212112B1 (en) | 2010-07-09 | 2019-02-19 | Gummarus LLC | Methods, systems, and computer program products for processing a request for a resource in a communication |
US10419374B1 (en) | 2010-07-09 | 2019-09-17 | Gummarus, Llc | Methods, systems, and computer program products for processing a request for a resource in a communication |
US20120011444A1 (en) * | 2010-07-09 | 2012-01-12 | Robert Paul Morris | Methods, systems, and computer program products for referencing an attachment in a communication |
US10158590B1 (en) | 2010-07-09 | 2018-12-18 | Gummarus LLC | Methods, systems, and computer program products for processing a request for a resource in a communication |
US8516062B2 (en) | 2010-10-01 | 2013-08-20 | @Pay Ip Holdings Llc | Storage, communication, and display of task-related data |
US8918467B2 (en) * | 2010-10-01 | 2014-12-23 | Clover Leaf Environmental Solutions, Inc. | Generation and retrieval of report information |
US9524531B2 (en) * | 2011-05-09 | 2016-12-20 | Microsoft Technology Licensing, Llc | Extensibility features for electronic communications |
US20120314865A1 (en) * | 2011-06-07 | 2012-12-13 | Broadcom Corporation | NFC Communications Device for Setting Up Encrypted Email Communication |
US9659165B2 (en) | 2011-09-06 | 2017-05-23 | Crimson Corporation | Method and apparatus for accessing corporate data from a mobile device |
US10013158B1 (en) | 2012-09-22 | 2018-07-03 | Sitting Man, Llc | Methods, systems, and computer program products for sharing a data object in a data store via a communication |
US10021052B1 (en) | 2012-09-22 | 2018-07-10 | Sitting Man, Llc | Methods, systems, and computer program products for processing a data object identification request in a communication |
US10033672B1 (en) | 2012-10-18 | 2018-07-24 | Sitting Man, Llc | Methods and computer program products for browsing using a communicant identifier |
US10019135B1 (en) | 2012-10-18 | 2018-07-10 | Sitting Man, Llc | Methods, and computer program products for constraining a communication exchange |
US10789594B2 (en) | 2013-01-31 | 2020-09-29 | Moshir Vantures, Limited, LLC | Method and system to intelligently assess and mitigate security risks on a mobile device |
US10733146B2 (en) * | 2014-09-30 | 2020-08-04 | Apple Inc. | Inline keyed metadata |
US20160241502A1 (en) * | 2015-02-12 | 2016-08-18 | Unify Gmbh & Co. Kg | Method for Generating an Electronic Message on an Electronic Mail Client System, Computer Program Product for Executing the Method, Computer Readable Medium Having Code Stored Thereon that Defines the Method, and a Communications Device |
US9953841B2 (en) * | 2015-05-08 | 2018-04-24 | Macronix International Co., Ltd. | Semiconductor device and method of fabricating the same |
Citations (37)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5647002A (en) | 1995-09-01 | 1997-07-08 | Lucent Technologies Inc. | Synchronization of mailboxes of different types |
US5884246A (en) | 1996-12-04 | 1999-03-16 | Transgate Intellectual Properties Ltd. | System and method for transparent translation of electronically transmitted messages |
EP0950969A2 (en) | 1998-04-17 | 1999-10-20 | Siemens Information and Communication Networks Inc. | Method and system for out-tasking conversions of message attachments |
US6205432B1 (en) | 1998-06-05 | 2001-03-20 | Creative Internet Concepts, Llc | Background advertising system |
US20010002485A1 (en) | 1995-01-17 | 2001-05-31 | Bisbee Stephen F. | System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents |
US20010005864A1 (en) | 1998-05-29 | 2001-06-28 | Mousseau Gary P. | System and method for redirecting message attachments between a host system and a mobile data communication device |
US20010034225A1 (en) | 2000-02-11 | 2001-10-25 | Ash Gupte | One-touch method and system for providing email to a wireless communication device |
US20020016818A1 (en) * | 2000-05-11 | 2002-02-07 | Shekhar Kirani | System and methodology for optimizing delivery of email attachments for disparate devices |
WO2002013031A1 (en) | 2000-08-04 | 2002-02-14 | Uniwis Co., Ltd | Apparatus and method for connecting and serving an e-mail using wireless terminal |
US6367013B1 (en) | 1995-01-17 | 2002-04-02 | Eoriginal Inc. | System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents |
US20020059144A1 (en) | 2000-04-28 | 2002-05-16 | Meffert Gregory J. | Secured content delivery system and method |
US20020078351A1 (en) | 2000-10-13 | 2002-06-20 | Garib Marco Aurelio | Secret key Messaging |
US20020087536A1 (en) | 2001-01-04 | 2002-07-04 | Ferguson Helaman David Pratt | Methods for reproducing and recreating original data |
US20020120693A1 (en) | 2001-02-27 | 2002-08-29 | Rudd Michael L. | E-mail conversion service |
US20020178353A1 (en) | 2001-04-11 | 2002-11-28 | Graham Randall James | Secure messaging using self-decrypting documents |
US20030037261A1 (en) | 2001-03-26 | 2003-02-20 | Ilumin Corporation | Secured content delivery system and method |
US20030044012A1 (en) | 2001-08-31 | 2003-03-06 | Sharp Laboratories Of America, Inc. | System and method for using a profile to encrypt documents in a digital scanner |
US20030050933A1 (en) | 2001-09-06 | 2003-03-13 | Desalvo Christopher J. | System and method of distributing a file by email |
US20030054810A1 (en) | 2000-11-15 | 2003-03-20 | Chen Yih-Farn Robin | Enterprise mobile server platform |
US20030065941A1 (en) * | 2001-09-05 | 2003-04-03 | Ballard Clinton L. | Message handling with format translation and key management |
US20030081791A1 (en) | 2001-10-26 | 2003-05-01 | Hewlett-Packard Co., | Message exchange in an information technology network |
US20030093565A1 (en) * | 2001-07-03 | 2003-05-15 | Berger Adam L. | System and method for converting an attachment in an e-mail for delivery to a device of limited rendering capability |
US20030099334A1 (en) | 2001-11-28 | 2003-05-29 | Contractor Sunil H. | Transferring voice mail messages to a data network |
US20030126214A1 (en) | 2001-10-04 | 2003-07-03 | Mike Oliszewski | Document management system |
US20030142364A1 (en) * | 2002-01-29 | 2003-07-31 | Comverse, Ltd. | Encrypted e-mail message retrieval system |
US20030154371A1 (en) | 2001-02-14 | 2003-08-14 | Adrian Filipi-Martin | Automated electronic messaging encryption system |
US20030208546A1 (en) | 2002-05-02 | 2003-11-06 | Desalvo Christopher Joseph | System and method for processing message attachments |
US20040054886A1 (en) | 1998-11-03 | 2004-03-18 | Dickinson Robert D. | E-mail firewall with stored key encryption/decryption |
US6732101B1 (en) | 2000-06-15 | 2004-05-04 | Zix Corporation | Secure message forwarding system detecting user's preferences including security preferences |
US20040088585A1 (en) | 2001-10-16 | 2004-05-06 | Kaler Christopher J. | Flexible electronic message security mechanism |
US20040133520A1 (en) | 2003-01-07 | 2004-07-08 | Callas Jonathan D. | System and method for secure and transparent electronic communication |
US20040165603A1 (en) | 2002-10-16 | 2004-08-26 | D'angelo Leo A. | Enhancing messaging services using translation gateways |
US20050143136A1 (en) | 2001-06-22 | 2005-06-30 | Tvsi Lev | Mms system and method with protocol conversion suitable for mobile/portable handset display |
US20050278448A1 (en) | 2003-07-18 | 2005-12-15 | Gadi Mazor | System and method for PIN-to-PIN network communications |
US7096355B1 (en) | 1999-04-26 | 2006-08-22 | Omniva Corporation | Dynamic encoding algorithms and inline message decryption |
US7328245B1 (en) | 2001-09-14 | 2008-02-05 | Ricoh Co., Ltd. | Remote retrieval of documents |
US7484107B2 (en) | 2004-04-15 | 2009-01-27 | International Business Machines Corporation | Method for selective encryption within documents |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6219694B1 (en) | 1998-05-29 | 2001-04-17 | Research In Motion Limited | System and method for pushing information from a host system to a mobile data communication device having a shared electronic address |
-
2003
- 2003-03-20 EP EP09172351.0A patent/EP2141872B1/en not_active Expired - Lifetime
- 2003-03-20 DE DE60329584T patent/DE60329584D1/en not_active Expired - Lifetime
- 2003-03-20 WO PCT/CA2003/000405 patent/WO2003079619A1/en not_active Application Discontinuation
- 2003-03-20 CN CN038113279A patent/CN1653764B/en not_active Expired - Lifetime
- 2003-03-20 AU AU2003213909A patent/AU2003213909A1/en not_active Abandoned
- 2003-03-20 US US10/508,644 patent/US8615661B2/en active Active
- 2003-03-20 EP EP03709478A patent/EP1488583B1/en not_active Expired - Lifetime
- 2003-03-20 CA CA2479601A patent/CA2479601C/en not_active Expired - Lifetime
- 2003-03-20 AT AT03709478T patent/ATE445278T1/en not_active IP Right Cessation
-
2005
- 2005-03-22 HK HK05102475.5A patent/HK1071646A1/en not_active IP Right Cessation
-
2013
- 2013-11-14 US US14/080,025 patent/US9215238B2/en not_active Expired - Fee Related
Patent Citations (46)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010002485A1 (en) | 1995-01-17 | 2001-05-31 | Bisbee Stephen F. | System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents |
US6367013B1 (en) | 1995-01-17 | 2002-04-02 | Eoriginal Inc. | System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents |
US7162635B2 (en) | 1995-01-17 | 2007-01-09 | Eoriginal, Inc. | System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents |
US5647002A (en) | 1995-09-01 | 1997-07-08 | Lucent Technologies Inc. | Synchronization of mailboxes of different types |
US5884246A (en) | 1996-12-04 | 1999-03-16 | Transgate Intellectual Properties Ltd. | System and method for transparent translation of electronically transmitted messages |
US6092114A (en) | 1998-04-17 | 2000-07-18 | Siemens Information And Communication Networks, Inc. | Method and system for determining the location for performing file-format conversions of electronics message attachments |
EP0950969A2 (en) | 1998-04-17 | 1999-10-20 | Siemens Information and Communication Networks Inc. | Method and system for out-tasking conversions of message attachments |
US20010005864A1 (en) | 1998-05-29 | 2001-06-28 | Mousseau Gary P. | System and method for redirecting message attachments between a host system and a mobile data communication device |
US6438585B2 (en) | 1998-05-29 | 2002-08-20 | Research In Motion Limited | System and method for redirecting message attachments between a host system and a mobile data communication device |
US6205432B1 (en) | 1998-06-05 | 2001-03-20 | Creative Internet Concepts, Llc | Background advertising system |
US20040054886A1 (en) | 1998-11-03 | 2004-03-18 | Dickinson Robert D. | E-mail firewall with stored key encryption/decryption |
US7096355B1 (en) | 1999-04-26 | 2006-08-22 | Omniva Corporation | Dynamic encoding algorithms and inline message decryption |
US20010034225A1 (en) | 2000-02-11 | 2001-10-25 | Ash Gupte | One-touch method and system for providing email to a wireless communication device |
US20020059144A1 (en) | 2000-04-28 | 2002-05-16 | Meffert Gregory J. | Secured content delivery system and method |
US20020016818A1 (en) * | 2000-05-11 | 2002-02-07 | Shekhar Kirani | System and methodology for optimizing delivery of email attachments for disparate devices |
US6732101B1 (en) | 2000-06-15 | 2004-05-04 | Zix Corporation | Secure message forwarding system detecting user's preferences including security preferences |
WO2002013031A1 (en) | 2000-08-04 | 2002-02-14 | Uniwis Co., Ltd | Apparatus and method for connecting and serving an e-mail using wireless terminal |
US20020078351A1 (en) | 2000-10-13 | 2002-06-20 | Garib Marco Aurelio | Secret key Messaging |
US6728378B2 (en) | 2000-10-13 | 2004-04-27 | Eversystems Information Comircio Representagco, Importageo E Exportagco Ltda. | Secret key messaging |
US20030054810A1 (en) | 2000-11-15 | 2003-03-20 | Chen Yih-Farn Robin | Enterprise mobile server platform |
US20020087536A1 (en) | 2001-01-04 | 2002-07-04 | Ferguson Helaman David Pratt | Methods for reproducing and recreating original data |
US6714950B1 (en) | 2001-01-04 | 2004-03-30 | Novell, Inc. | Methods for reproducing and recreating original data |
US20030154371A1 (en) | 2001-02-14 | 2003-08-14 | Adrian Filipi-Martin | Automated electronic messaging encryption system |
US7305545B2 (en) | 2001-02-14 | 2007-12-04 | Globalcerts, Lc | Automated electronic messaging encryption system |
US20020120693A1 (en) | 2001-02-27 | 2002-08-29 | Rudd Michael L. | E-mail conversion service |
US20030037261A1 (en) | 2001-03-26 | 2003-02-20 | Ilumin Corporation | Secured content delivery system and method |
US20020178353A1 (en) | 2001-04-11 | 2002-11-28 | Graham Randall James | Secure messaging using self-decrypting documents |
US20050143136A1 (en) | 2001-06-22 | 2005-06-30 | Tvsi Lev | Mms system and method with protocol conversion suitable for mobile/portable handset display |
US20030093565A1 (en) * | 2001-07-03 | 2003-05-15 | Berger Adam L. | System and method for converting an attachment in an e-mail for delivery to a device of limited rendering capability |
US20030044012A1 (en) | 2001-08-31 | 2003-03-06 | Sharp Laboratories Of America, Inc. | System and method for using a profile to encrypt documents in a digital scanner |
US20030065941A1 (en) * | 2001-09-05 | 2003-04-03 | Ballard Clinton L. | Message handling with format translation and key management |
US20030050933A1 (en) | 2001-09-06 | 2003-03-13 | Desalvo Christopher J. | System and method of distributing a file by email |
US7117210B2 (en) | 2001-09-06 | 2006-10-03 | Danger, Inc. | System and method of distributing a file by email |
US7328245B1 (en) | 2001-09-14 | 2008-02-05 | Ricoh Co., Ltd. | Remote retrieval of documents |
US20030126214A1 (en) | 2001-10-04 | 2003-07-03 | Mike Oliszewski | Document management system |
US20040088585A1 (en) | 2001-10-16 | 2004-05-06 | Kaler Christopher J. | Flexible electronic message security mechanism |
US20030081791A1 (en) | 2001-10-26 | 2003-05-01 | Hewlett-Packard Co., | Message exchange in an information technology network |
US20030099334A1 (en) | 2001-11-28 | 2003-05-29 | Contractor Sunil H. | Transferring voice mail messages to a data network |
US6683940B2 (en) | 2001-11-28 | 2004-01-27 | Sunil H. Contractor | Transferring voice mail messages to a data network |
US7196807B2 (en) | 2002-01-29 | 2007-03-27 | Comverse, Ltd. | Encrypted e-mail message retrieval system |
US20030142364A1 (en) * | 2002-01-29 | 2003-07-31 | Comverse, Ltd. | Encrypted e-mail message retrieval system |
US20030208546A1 (en) | 2002-05-02 | 2003-11-06 | Desalvo Christopher Joseph | System and method for processing message attachments |
US20040165603A1 (en) | 2002-10-16 | 2004-08-26 | D'angelo Leo A. | Enhancing messaging services using translation gateways |
US20040133520A1 (en) | 2003-01-07 | 2004-07-08 | Callas Jonathan D. | System and method for secure and transparent electronic communication |
US20050278448A1 (en) | 2003-07-18 | 2005-12-15 | Gadi Mazor | System and method for PIN-to-PIN network communications |
US7484107B2 (en) | 2004-04-15 | 2009-01-27 | International Business Machines Corporation | Method for selective encryption within documents |
Non-Patent Citations (10)
Title |
---|
European Patent Application No. 09172351.0, Office Action dated Aug. 26, 2013. |
Extended European Search Report issued on Dec. 4, 2009 in connection with European Application No. 09172351.0. |
International Search Report for Application No. PCT/CA03/00405, dated of mailing Sep. 1, 2003-7 pgs. |
R. Troost, S. Dorner: "RFC 1806-Communicating Presentation Information in Internet Messages: The Content-Disposition Header", May 1995, XP-002250131, pp. 1-8. |
S. Dusse, P. Hoffman, B. Ramsdell, L. Lundblade, L. Repka: "RFC 2311-S/MIME Version 2 Message Specification", Mar. 1998, XP-002250130, pp. 1-37. |
Stallings, William: "Electronic Mail Security", Cryptography and Network Security: Principles and Practice, 1999 XP-002212123, pp. 355-397. |
Technical White Paper BlackBerry Enterprise Edition (TM) for Microsoft (R) Exchange version 2.1, RIM Wireless Handhelds (TM), 2001 Research in Motion Limited, www.blackberry.net. |
Technical White Paper BlackBerry(TM) Enterprise Server for Lotus(R) Domino (TM) version 2.0 with Service Pack 1a, 1997-2001 Research in Motion Limited, www.blackberry.net. |
Technical White Paper BlackBerry(TM) Enterprise Server for Microsoft (R) Exchange version 2.1, 1997-2001 Research in Motion Limited, www.blackberry.net. |
U.S. Appl. No. 10/508,644, Notice of Allowance dated Aug. 14, 2013. |
Also Published As
Publication number | Publication date |
---|---|
CA2479601A1 (en) | 2003-09-25 |
EP2141872A1 (en) | 2010-01-06 |
US20050114671A1 (en) | 2005-05-26 |
DE60329584D1 (en) | 2009-11-19 |
EP1488583B1 (en) | 2009-10-07 |
CN1653764A (en) | 2005-08-10 |
CN1653764B (en) | 2011-05-11 |
ATE445278T1 (en) | 2009-10-15 |
HK1071646A1 (en) | 2005-07-22 |
CA2479601C (en) | 2012-07-03 |
EP2141872B1 (en) | 2018-09-26 |
US8615661B2 (en) | 2013-12-24 |
EP1488583A1 (en) | 2004-12-22 |
AU2003213909A1 (en) | 2003-09-29 |
US20140075191A1 (en) | 2014-03-13 |
WO2003079619A1 (en) | 2003-09-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9215238B2 (en) | System and method for transmitting and utilizing attachments | |
US9807082B2 (en) | Certificate information storage system and method | |
JP4875745B2 (en) | Multi-stage system and method for processing encoded messages | |
USRE45087E1 (en) | Certificate management and transfer system and method | |
US8966246B2 (en) | System and method for checking digital certificate status | |
US8898473B2 (en) | System and method for compressing secure E-mail for exchange with a mobile data communication device | |
US7865720B2 (en) | System and method for supporting multiple certificate status providers on a mobile communication device | |
US8423763B2 (en) | System and method for supporting multiple certificate status providers on a mobile communication device | |
US20110320807A1 (en) | System and method for processing encoded messages | |
US20130013714A1 (en) | System and method for processing encoded messages | |
JP2007318809A (en) | Method for processing encrypted messages for exchange with mobile data communication device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: RESEARCH IN MOTION LIMTED, CANADA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:LITTLE, HERBERT ANTHONY;HECHT-ENNS, ALBERT;TAPUSKA, DAVID FRANCIS;AND OTHERS;SIGNING DATES FROM 20030310 TO 20030313;REEL/FRAME:032190/0265 |
|
AS | Assignment |
Owner name: BLACKBERRY LIMITED, ONTARIO Free format text: CHANGE OF NAME;ASSIGNOR:RESEARCH IN MOTION LIMITED;REEL/FRAME:032331/0902 Effective date: 20130709 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 4 |
|
AS | Assignment |
Owner name: MALIKIE INNOVATIONS LIMITED, IRELAND Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BLACKBERRY LIMITED;REEL/FRAME:064104/0103 Effective date: 20230511 |
|
AS | Assignment |
Owner name: MALIKIE INNOVATIONS LIMITED, IRELAND Free format text: NUNC PRO TUNC ASSIGNMENT;ASSIGNOR:BLACKBERRY LIMITED;REEL/FRAME:064066/0001 Effective date: 20230511 |
|
FEPP | Fee payment procedure |
Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
LAPS | Lapse for failure to pay maintenance fees |
Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
STCH | Information on status: patent discontinuation |
Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
|
FP | Lapsed due to failure to pay maintenance fee |
Effective date: 20231215 |